Diffstat (limited to 'contrib/unbound/util/config_file.c')
-rw-r--r-- | contrib/unbound/util/config_file.c | 229 |
1 files changed, 171 insertions, 58 deletions
diff --git a/contrib/unbound/util/config_file.c b/contrib/unbound/util/config_file.c index 976cb976f48e..e8de5119ba68 100644 --- a/contrib/unbound/util/config_file.c +++ b/contrib/unbound/util/config_file.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -55,6 +55,7 @@ #include "util/regional.h" #include "util/fptr_wlist.h" #include "util/data/dname.h" +#include "util/random.h" #include "util/rtt.h" #include "services/cache/infra.h" #include "sldns/wire2str.h" @@ -87,7 +88,10 @@ struct config_parser_state* cfg_parser = 0; /** init ports possible for use */ static void init_outgoing_availports(int* array, int num); -struct config_file* +/** init cookie with random data */ +static void init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len); + +struct config_file* config_create(void) { struct config_file* cfg; 
@@ -99,6 +103,7 @@ config_create(void) cfg->stat_interval = 0; cfg->stat_cumulative = 0; cfg->stat_extended = 0; + cfg->stat_inhibit_zero = 1; cfg->num_threads = 1; cfg->port = UNBOUND_DNS_PORT; cfg->do_ip4 = 1; @@ -115,6 +120,7 @@ config_create(void) cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */ cfg->do_tcp_keepalive = 0; cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */ + cfg->sock_queue_timeout = 0; /* do not check timeout */ cfg->ssl_service_key = NULL; cfg->ssl_service_pem = NULL; cfg->ssl_port = UNBOUND_DNS_OVER_TLS_PORT; @@ -136,6 +142,7 @@ config_create(void) cfg->log_tag_queryreply = 0; cfg->log_local_actions = 0; cfg->log_servfail = 0; + cfg->log_destaddr = 0; #ifndef USE_WINSOCK # ifdef USE_MINI_EVENT /* select max 1024 sockets */ @@ -152,7 +159,7 @@ config_create(void) cfg->outgoing_num_ports = 48; /* windows is limited in num fds */ cfg->num_queries_per_thread = 24; cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */ - cfg->incoming_num_tcp = 2; + cfg->incoming_num_tcp = 2; #endif cfg->stream_wait_size = 4 * 1024 * 1024; cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */ @@ -232,6 +239,7 @@ config_create(void) cfg->harden_below_nxdomain = 1; cfg->harden_referral_path = 0; cfg->harden_algo_downgrade = 0; + cfg->harden_unknown_additional = 0; cfg->use_caps_bits_for_id = 0; cfg->caps_whitelist = NULL; cfg->private_address = NULL; @@ -264,6 +272,7 @@ config_create(void) cfg->val_permissive_mode = 0; cfg->aggressive_nsec = 1; cfg->ignore_cd = 0; + cfg->disable_edns_do = 0; cfg->serve_expired = 0; cfg->serve_expired_ttl = 0; cfg->serve_expired_ttl_reset = 0; 
@@ -299,14 +308,14 @@ config_create(void) cfg->minimal_responses = 1; cfg->rrset_roundrobin = 1; cfg->unknown_server_time_limit = 376; - cfg->max_udp_size = 4096; - if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) + cfg->max_udp_size = 1232; /* value taken from edns_buffer_size */ + if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) goto error_exit; - if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) + if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) goto error_exit; - if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) + if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) goto error_exit; - if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) + if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) goto error_exit; #ifdef CLIENT_SUBNET @@ -314,7 +323,7 @@ config_create(void) #else if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; #endif - if(!(cfg->val_nsec3_key_iterations = + if(!(cfg->val_nsec3_key_iterations = strdup("1024 150 2048 150 4096 150"))) goto error_exit; #if defined(DNSTAP_SOCKET_PATH) if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) @@ -323,6 +332,7 @@ config_create(void) cfg->dnstap_bidirectional = 1; cfg->dnstap_tls = 1; cfg->disable_dnssec_lame_check = 0; + cfg->ip_ratelimit_cookie = 0; cfg->ip_ratelimit = 0; cfg->ratelimit = 0; cfg->ip_ratelimit_slabs = 4; @@ -336,6 +346,8 @@ config_create(void) cfg->ip_ratelimit_backoff = 0; cfg->ratelimit_backoff = 0; cfg->outbound_msg_retry = 5; + cfg->max_sent_count = 32; + cfg->max_query_restarts = 11; cfg->qname_minimisation = 1; cfg->qname_minimisation_strict = 0; cfg->shm_enable = 0; 
@@ -364,14 +376,22 @@ config_create(void) cfg->ipsecmod_whitelist = NULL; cfg->ipsecmod_strict = 0; #endif + cfg->do_answer_cookie = 0; + memset(cfg->cookie_secret, 0, sizeof(cfg->cookie_secret)); + cfg->cookie_secret_len = 16; + init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len); #ifdef USE_CACHEDB if(!(cfg->cachedb_backend = strdup("testframe"))) goto error_exit; if(!(cfg->cachedb_secret = strdup("default"))) goto error_exit; + cfg->cachedb_no_store = 0; #ifdef USE_REDIS if(!(cfg->redis_server_host = strdup("127.0.0.1"))) goto error_exit; + cfg->redis_server_path = NULL; + cfg->redis_server_password = NULL; cfg->redis_timeout = 100; cfg->redis_server_port = 6379; cfg->redis_expire_records = 0; + cfg->redis_logical_db = 0; #endif /* USE_REDIS */ #endif /* USE_CACHEDB */ #ifdef USE_IPSET @@ -484,10 +504,10 @@ int config_set_option(struct config_file* cfg, const char* opt, /* not supported, library must have 1 thread in bgworker */ return 0; } else if(strcmp(opt, "outgoing-port-permit:") == 0) { - return cfg_mark_ports(val, 1, + return cfg_mark_ports(val, 1, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "outgoing-port-avoid:") == 0) { - return cfg_mark_ports(val, 0, + return cfg_mark_ports(val, 0, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "local-zone:") == 0) { return cfg_parse_local_zone(cfg, val); @@ -501,7 +521,7 @@ int config_set_option(struct config_file* cfg, const char* opt, if(atoi(val) == 0) return 0; cfg->val_date_override = (uint32_t)atoi(val); } - } else if(strcmp(opt, "local-data-ptr:") == 0) { + } else if(strcmp(opt, "local-data-ptr:") == 0) { char* ptr = cfg_ptr_reverse((char*)opt); return cfg_strlist_insert(&cfg->local_data, ptr); } else if(strcmp(opt, "logfile:") == 0) { 
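Review bot: `cfg->cookie_secret_len = 16;` is a bare literal handed straight to `init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len)` with nothing in the hunk tying it to the capacity of `cfg->cookie_secret`, whose declaration is outside this file section. If that array were ever shrunk below 16 the fill would run past it silently, because neither the callee nor the call site checks the bound. A comment on the assignment, `/* default secret length; must never exceed sizeof(cfg->cookie_secret) */`, and a compile-time check where the build allows one, record the invariant at the point it is set. config_create's body starts and ends outside the hunk.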
@@ -516,6 +536,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("use-syslog:", use_syslog) else S_STR("log-identity:", log_identity) else S_YNO("extended-statistics:", stat_extended) + else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero) else S_YNO("statistics-cumulative:", stat_cumulative) else S_YNO("shm-enable:", shm_enable) else S_NUMBER_OR_ZERO("shm-key:", shm_key) @@ -536,6 +557,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout) else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive) else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout) + else S_NUMBER_OR_ZERO("sock-queue-timeout:", sock_queue_timeout) else S_YNO("ssl-upstream:", ssl_upstream) else S_YNO("tls-upstream:", ssl_upstream) else S_STR("ssl-service-key:", ssl_service_key) @@ -645,6 +667,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("harden-below-nxdomain:", harden_below_nxdomain) else S_YNO("harden-referral-path:", harden_referral_path) else S_YNO("harden-algo-downgrade:", harden_algo_downgrade) + else S_YNO("harden-unknown-additional:", harden_unknown_additional) else S_YNO("use-caps-for-id:", use_caps_bits_for_id) else S_STRLIST("caps-whitelist:", caps_whitelist) else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold) 
@@ -668,9 +691,11 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("log-tag-queryreply:", log_tag_queryreply) else S_YNO("log-local-actions:", log_local_actions) else S_YNO("log-servfail:", log_servfail) + else S_YNO("log-destaddr:", log_destaddr) else S_YNO("val-permissive-mode:", val_permissive_mode) else S_YNO("aggressive-nsec:", aggressive_nsec) else S_YNO("ignore-cd-flag:", ignore_cd) + else S_YNO("disable-edns-do:", disable_edns_do) else if(strcmp(opt, "serve-expired:") == 0) { IS_YES_OR_NO; cfg->serve_expired = (strcmp(val, "yes") == 0); SERVE_EXPIRED = cfg->serve_expired; } @@ -680,7 +705,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else if(strcmp(opt, "serve-expired-reply-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->serve_expired_reply_ttl = atoi(val); SERVE_EXPIRED_REPLY_TTL=(time_t)cfg->serve_expired_reply_ttl;} else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout) - else S_YNO("ede:", ede) + else S_YNO("ede:", ede) else S_YNO("ede-serve-expired:", ede_serve_expired) else S_YNO("serve-original-ttl:", serve_original_ttl) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) @@ -761,6 +786,10 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_POW2("dnscrypt-nonce-cache-slabs:", dnscrypt_nonce_cache_slabs) #endif + else if(strcmp(opt, "ip-ratelimit-cookie:") == 0) { + IS_NUMBER_OR_ZERO; cfg->ip_ratelimit_cookie = atoi(val); + infra_ip_ratelimit_cookie=cfg->ip_ratelimit_cookie; + } else if(strcmp(opt, "ip-ratelimit:") == 0) { IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val); infra_ip_ratelimit=cfg->ip_ratelimit; 
@@ -778,6 +807,8 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff) else S_YNO("ratelimit-backoff:", ratelimit_backoff) else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry) + else S_NUMBER_NONZERO("max-sent-count:", max_sent_count) + else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts) else S_SIZET_NONZERO("fast-server-num:", fast_server_num) else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil) else S_YNO("qname-minimisation:", qname_minimisation) @@ -786,6 +817,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_SIZET_NONZERO("pad-responses-block-size:", pad_responses_block_size) else S_YNO("pad-queries:", pad_queries) else S_SIZET_NONZERO("pad-queries-block-size:", pad_queries_block_size) + else S_STRLIST("proxy-protocol-port:", proxy_protocol_port) #ifdef USE_IPSECMOD else S_YNO("ipsecmod-enabled:", ipsecmod_enabled) else S_YNO("ipsecmod-ignore-bogus:", ipsecmod_ignore_bogus) @@ -793,6 +825,9 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->ipsecmod_max_ttl = atoi(val); } else S_YNO("ipsecmod-strict:", ipsecmod_strict) #endif +#ifdef USE_CACHEDB + else S_YNO("cachedb-no-store:", cachedb_no_store) +#endif /* USE_CACHEDB */ else if(strcmp(opt, "define-tag:") ==0) { return config_add_tag(cfg, val); /* val_sig_skew_min, max and val_max_restart are copied into val_env @@ -805,7 +840,7 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); - char** oi = + char** oi = (char**)reallocarray(NULL, (size_t)cfg->num_out_ifs+1, sizeof(char*)); if(!d || !oi) { free(d); free(oi); return -1; } if(cfg->out_ifs && cfg->num_out_ifs) { 
@@ -822,7 +857,7 @@ int config_set_option(struct config_file* cfg, const char* opt, * stub-ssl-upstream, forward-zone, auth-zone * name, forward-addr, forward-host, * ratelimit-for-domain, ratelimit-below-domain, - * local-zone-tag, access-control-view, + * local-zone-tag, access-control-view, interface-*, * send-client-subnet, client-subnet-always-forward, * max-client-subnet-ipv4, max-client-subnet-ipv6, * min-client-subnet-ipv4, min-client-subnet-ipv6, @@ -900,7 +935,7 @@ config_collate_cat(struct config_strlist* list) for(s=list; s; s=s->next) total += strlen(s->str) + 1; /* len + newline */ left = total+1; /* one extra for nul at end */ - r = malloc(left); + r = malloc(left); if(!r) return NULL; w = r; @@ -979,7 +1014,7 @@ config_collate_cat(struct config_strlist* list) } int -config_get_option(struct config_file* cfg, const char* opt, +config_get_option(struct config_file* cfg, const char* opt, void (*func)(char*,void*), void* arg) { char buf[1024], nopt[64]; @@ -995,6 +1030,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "statistics-interval", stat_interval) else O_YNO(opt, "statistics-cumulative", stat_cumulative) else O_YNO(opt, "extended-statistics", stat_extended) + else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero) else O_YNO(opt, "shm-enable", shm_enable) else O_DEC(opt, "shm-key", shm_key) else O_YNO(opt, "use-syslog", use_syslog) @@ -1054,6 +1090,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout) else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive) else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout) + else O_DEC(opt, "sock-queue-timeout", sock_queue_timeout) else O_YNO(opt, "ssl-upstream", ssl_upstream) else O_YNO(opt, "tls-upstream", ssl_upstream) else O_STR(opt, "ssl-service-key", ssl_service_key) 
@@ -1092,6 +1129,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "log-tag-queryreply", log_tag_queryreply) else O_YNO(opt, "log-local-actions", log_local_actions) else O_YNO(opt, "log-servfail", log_servfail) + else O_YNO(opt, "log-destaddr", log_destaddr) else O_STR(opt, "pidfile", pidfile) else O_YNO(opt, "hide-identity", hide_identity) else O_YNO(opt, "hide-version", hide_version) @@ -1109,6 +1147,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain) else O_YNO(opt, "harden-referral-path", harden_referral_path) else O_YNO(opt, "harden-algo-downgrade", harden_algo_downgrade) + else O_YNO(opt, "harden-unknown-additional", harden_unknown_additional) else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id) else O_LST(opt, "caps-whitelist", caps_whitelist) else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) @@ -1120,6 +1159,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "val-permissive-mode", val_permissive_mode) else O_YNO(opt, "aggressive-nsec", aggressive_nsec) else O_YNO(opt, "ignore-cd-flag", ignore_cd) + else O_YNO(opt, "disable-edns-do", disable_edns_do) else O_YNO(opt, "serve-expired", serve_expired) else O_DEC(opt, "serve-expired-ttl", serve_expired_ttl) else O_YNO(opt, "serve-expired-ttl-reset", serve_expired_ttl_reset) @@ -1224,6 +1264,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "python-script", python_script) else O_LST(opt, "dynlib-file", dynlib_file) else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check) + else O_DEC(opt, "ip-ratelimit-cookie", ip_ratelimit_cookie) else O_DEC(opt, "ip-ratelimit", ip_ratelimit) else O_DEC(opt, "ratelimit", ratelimit) else O_MEM(opt, "ip-ratelimit-size", ip_ratelimit_size) 
@@ -1237,6 +1278,8 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff) else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff) else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry) + else O_UNS(opt, "max-sent-count", max_sent_count) + else O_UNS(opt, "max-query-restarts", max_query_restarts) else O_DEC(opt, "fast-server-num", fast_server_num) else O_DEC(opt, "fast-server-permil", fast_server_permil) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) @@ -1252,11 +1295,17 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LS3(opt, "access-control-tag-action", acl_tag_actions) else O_LS3(opt, "access-control-tag-data", acl_tag_datas) else O_LS2(opt, "access-control-view", acl_view) + else O_LS2(opt, "interface-action", interface_actions) + else O_LTG(opt, "interface-tag", interface_tags) + else O_LS3(opt, "interface-tag-action", interface_tag_actions) + else O_LS3(opt, "interface-tag-data", interface_tag_datas) + else O_LS2(opt, "interface-view", interface_view) else O_YNO(opt, "pad-responses", pad_responses) else O_DEC(opt, "pad-responses-block-size", pad_responses_block_size) else O_YNO(opt, "pad-queries", pad_queries) else O_DEC(opt, "pad-queries-block-size", pad_queries_block_size) else O_LS2(opt, "edns-client-strings", edns_client_strings) + else O_LST(opt, "proxy-protocol-port", proxy_protocol_port) #ifdef USE_IPSECMOD else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled) else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus) 
@@ -1268,11 +1317,15 @@ config_get_option(struct config_file* cfg, const char* opt, #ifdef USE_CACHEDB else O_STR(opt, "backend", cachedb_backend) else O_STR(opt, "secret-seed", cachedb_secret) + else O_YNO(opt, "cachedb-no-store", cachedb_no_store) #ifdef USE_REDIS else O_STR(opt, "redis-server-host", redis_server_host) else O_DEC(opt, "redis-server-port", redis_server_port) + else O_STR(opt, "redis-server-path", redis_server_path) + else O_STR(opt, "redis-server-password", redis_server_password) else O_DEC(opt, "redis-timeout", redis_timeout) else O_YNO(opt, "redis-expire-records", redis_expire_records) + else O_DEC(opt, "redis-logical-db", redis_logical_db) #endif /* USE_REDIS */ #endif /* USE_CACHEDB */ #ifdef USE_IPSET @@ -1302,10 +1355,11 @@ create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot) cfg_parser->errors = 0; cfg_parser->cfg = cfg; cfg_parser->chroot = chroot; + cfg_parser->started_toplevel = 0; init_cfg_parse(); } -int +int config_read(struct config_file* cfg, const char* filename, const char* chroot) { FILE *in; @@ -1345,7 +1399,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot) if(r == GLOB_NOMATCH) { verbose(VERB_QUERY, "include: " "no matches for %s", fname); - return 1; + return 1; } else if(r == GLOB_NOSPACE) { log_err("include: %s: " "fnametern out of memory", fname); @@ -1544,7 +1598,7 @@ config_del_strbytelist(struct config_strbytelist* p) } } -void +void config_delete(struct config_file* cfg) { if(!cfg) return; 
@@ -1606,15 +1660,22 @@ config_delete(struct config_file* cfg) config_deltrplstrlist(cfg->local_zone_overrides); config_del_strarray(cfg->tagname, cfg->num_tags); config_del_strbytelist(cfg->local_zone_tags); - config_del_strbytelist(cfg->acl_tags); config_del_strbytelist(cfg->respip_tags); + config_deldblstrlist(cfg->acl_view); + config_del_strbytelist(cfg->acl_tags); config_deltrplstrlist(cfg->acl_tag_actions); config_deltrplstrlist(cfg->acl_tag_datas); + config_deldblstrlist(cfg->interface_actions); + config_deldblstrlist(cfg->interface_view); + config_del_strbytelist(cfg->interface_tags); + config_deltrplstrlist(cfg->interface_tag_actions); + config_deltrplstrlist(cfg->interface_tag_datas); config_delstrlist(cfg->control_ifs.first); free(cfg->server_key_file); free(cfg->server_cert_file); free(cfg->control_key_file); free(cfg->control_cert_file); + free(cfg->nat64_prefix); free(cfg->dns64_prefix); config_delstrlist(cfg->dns64_ignore_aaaa); free(cfg->dnstap_socket_path); @@ -1630,6 +1691,7 @@ config_delete(struct config_file* cfg) config_delstrlist(cfg->python_script); config_delstrlist(cfg->dynlib_file); config_deldblstrlist(cfg->edns_client_strings); + config_delstrlist(cfg->proxy_protocol_port); #ifdef USE_IPSECMOD free(cfg->ipsecmod_hook); config_delstrlist(cfg->ipsecmod_whitelist); @@ -1639,6 +1701,8 @@ config_delete(struct config_file* cfg) free(cfg->cachedb_secret); #ifdef USE_REDIS free(cfg->redis_server_host); + free(cfg->redis_server_path); + free(cfg->redis_server_password); #endif /* USE_REDIS */ #endif /* USE_CACHEDB */ #ifdef USE_IPSET 
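Review bot: `free(cfg->redis_server_password);` releases a credential without clearing it first, so the password remains readable in freed heap memory until that chunk is reused; the `cookie_secret` bytes embedded in `cfg` are released the same way by the final `free(cfg)` outside this hunk. A plain memset before free can be dropped by the optimizer, so where the build provides `explicit_bzero` (or an equivalent wrapper the project already has) wipe before freeing: `if(cfg->redis_server_password) explicit_bzero(cfg->redis_server_password, strlen(cfg->redis_server_password));` immediately ahead of the free. The existing `cachedb_secret` free a few lines above has the same property, so the change is best applied to both. config_delete's body starts outside the hunk.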
@@ -1648,7 +1712,21 @@ config_delete(struct config_file* cfg) free(cfg); } -static void +static void +init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len) +{ + struct ub_randstate *rand = ub_initstate(NULL); + + if (!rand) + fatal_exit("could not init random generator"); + while (cookie_secret_len) { + *cookie_secret++ = (uint8_t)ub_random(rand); + cookie_secret_len--; + } + ub_randfree(rand); +} + +static void init_outgoing_availports(int* a, int num) { /* generated with make iana_update */ @@ -1661,7 +1739,7 @@ init_outgoing_availports(int* a, int num) for(i=1024; i<num; i++) { a[i] = i; } - /* create empty spot at 49152 to keep ephemeral ports available + /* create empty spot at 49152 to keep ephemeral ports available * to other programs */ for(i=49152; i<49152+256; i++) a[i] = 0; @@ -1672,7 +1750,7 @@ init_outgoing_availports(int* a, int num) } } -int +int cfg_mark_ports(const char* str, int allow, int* avail, int num) { char* mid = strchr(str, '-'); @@ -1717,7 +1795,7 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) return 1; } -int +int cfg_scan_ports(int* avail, int num) { int i; @@ -1800,6 +1878,9 @@ void ub_c_error_msg(const char* fmt, ...) void ub_c_error(const char *str) { cfg_parser->errors++; + if(strcmp(str, "syntax error")==0 && cfg_parser->started_toplevel ==0) + str = "syntax error, is there no section start after an " + "include-toplevel directive perhaps."; fprintf(stderr, "%s:%d: error: %s\n", cfg_parser->filename, cfg_parser->line, str); } @@ -1831,7 +1912,7 @@ int cfg_strlist_append(struct config_strlist_head* list, char* item) return 1; } -int +int cfg_region_strlist_insert(struct regional* region, struct config_strlist** head, char* item) { @@ -1864,7 +1945,7 @@ cfg_strlist_find(struct config_strlist* head, const char *item) return NULL; } -int +int cfg_strlist_insert(struct config_strlist** head, char* item) { struct config_strlist *s; 
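Review bot: `init_cookie_secret` calls `fatal_exit` when `ub_initstate(NULL)` returns NULL, but its only caller, `config_create` in an earlier hunk, already has an `error_exit` path that returns NULL on failure; a failed RNG init now terminates the whole process, including library embeddings that merely build a config, instead of surfacing like the other setup failures in that function. Returning a status and letting config_create `goto error_exit` keeps the existing contract, with the forward declaration in the first hunk changed to match. The per-byte cast `(uint8_t)ub_random(rand)` keeps only the low byte of each call, which is fine provided ub_random's low bits are uniformly distributed — presumably they are, verify against util/random.c.
```c
/** init cookie with random data; returns 0 when the RNG cannot be initialised */
static int
init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len)
{
	struct ub_randstate *rand = ub_initstate(NULL);

	if (!rand) {
		log_err("could not init random generator");
		return 0;
	}
	while (cookie_secret_len) {
		*cookie_secret++ = (uint8_t)ub_random(rand);
		cookie_secret_len--;
	}
	ub_randfree(rand);
	return 1;
}
```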
@@ -1894,7 +1975,7 @@ cfg_strlist_append_ex(struct config_strlist** head, char* item) return 0; s->str = item; s->next = NULL; - + if (*head==NULL) { *head = s; } else { @@ -1904,11 +1985,11 @@ cfg_strlist_append_ex(struct config_strlist** head, char* item) } last->next = s; } - - return 1; + + return 1; } -int +int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) { struct config_str2list *s; @@ -1930,7 +2011,7 @@ cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) return 1; } -int +int cfg_str3list_insert(struct config_str3list** head, char* item, char* i2, char* i3) { @@ -1966,7 +2047,7 @@ cfg_strbytelist_insert(struct config_strbytelist** head, char* item, return 1; } -time_t +time_t cfg_convert_timeval(const char* str) { time_t t; @@ -1974,7 +2055,7 @@ cfg_convert_timeval(const char* str) memset(&tm, 0, sizeof(tm)); if(strlen(str) < 14) return 0; - if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, + if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) return 0; tm.tm_year -= 1900; @@ -1991,7 +2072,7 @@ cfg_convert_timeval(const char* str) return t; } -int +int cfg_count_numbers(const char* s) { /* format ::= (sp num)+ sp */ @@ -2026,7 +2107,7 @@ static int isalldigit(const char* str, size_t l) return 1; } -int +int cfg_parse_memsize(const char* str, size_t* res) { size_t len; @@ -2042,11 +2123,11 @@ cfg_parse_memsize(const char* str, size_t* res) /* check appended num */ while(len>0 && str[len-1]==' ') len--; - if(len > 1 && str[len-1] == 'b') + if(len > 1 && str[len-1] == 'b') len--; - else if(len > 1 && str[len-1] == 'B') + else if(len > 1 && str[len-1] == 'B') len--; - + if(len > 1 && tolower((unsigned char)str[len-1]) == 'g') mult = 1024*1024*1024; else if(len > 1 && tolower((unsigned char)str[len-1]) == 'm') 
@@ -2133,7 +2214,7 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str, log_err("out of memory"); return 0; } - + /* parse */ s = str; while((p=strsep(&s, " \t\n")) != NULL) { @@ -2219,7 +2300,7 @@ int taglist_intersect(uint8_t* list1, size_t list1len, const uint8_t* list2, return 0; } -void +void config_apply(struct config_file* config) { MAX_TTL = (time_t)config->max_ttl; @@ -2261,7 +2342,7 @@ void config_lookup_uid(struct config_file* cfg) #endif } -/** +/** * Calculate string length of full pathname in original filesys * @param fname: the path name to convert. * Must not be null or empty. @@ -2275,7 +2356,7 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) { size_t len = 0; int slashit = 0; - if(cfg->chrootdir && cfg->chrootdir[0] && + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ return strlen(fname); @@ -2298,8 +2379,8 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) /* prepend chdir */ if(slashit && cfg->directory[0] != '/') len++; - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, + if(cfg->chrootdir && cfg->chrootdir[0] && + strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) len += strlen(cfg->directory)-strlen(cfg->chrootdir); else len += strlen(cfg->directory); @@ -2322,7 +2403,7 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) return NULL; buf[0] = 0; /* is fname already in chroot ? */ - if(cfg->chrootdir && cfg->chrootdir[0] && + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ (void)strlcpy(buf, fname, len); 
@@ -2348,10 +2429,10 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) if(slashit && cfg->directory[0] != '/') (void)strlcat(buf, "/", len); /* is the directory already in the chroot? */ - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, + if(cfg->chrootdir && cfg->chrootdir[0] && + strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) - (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), + (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), len); else (void)strlcat(buf, cfg->directory, len); slashit = 1; @@ -2388,7 +2469,7 @@ static char* last_space_pos(const char* str) return (sp>tab)?sp:tab; } -int +int cfg_parse_local_zone(struct config_file* cfg, const char* val) { const char *type, *name_end, *name; @@ -2423,11 +2504,11 @@ cfg_parse_local_zone(struct config_file* cfg, const char* val) } if(strcmp(type, "nodefault")==0) { - return cfg_strlist_insert(&cfg->local_zones_nodefault, + return cfg_strlist_insert(&cfg->local_zones_nodefault, strdup(name)); #ifdef USE_IPSET } else if(strcmp(type, "ipset")==0) { - return cfg_strlist_insert(&cfg->local_zones_ipset, + return cfg_strlist_insert(&cfg->local_zones_ipset, strdup(name)); #endif } else { @@ -2482,7 +2563,7 @@ char* cfg_ptr_reverse(char* str) const char* hex = "0123456789abcdef"; char *p = buf; int i; - memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, + memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, sizeof(ad)); for(i=15; i>=0; i--) { uint8_t b = ad[i]; @@ -2494,7 +2575,7 @@ char* cfg_ptr_reverse(char* str) snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa. "); } else { uint8_t ad[4]; - memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, + memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, sizeof(ad)); snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa. ", (unsigned)ad[3], (unsigned)ad[2], 
@@ -2609,3 +2690,35 @@ int cfg_has_https(struct config_file* cfg) } return 0; } + +/** see if interface is PROXYv2, its port number == the proxy port number */ +int +if_is_pp2(const char* ifname, const char* port, + struct config_strlist* proxy_protocol_port) +{ + struct config_strlist* s; + char* p = strchr(ifname, '@'); + for(s = proxy_protocol_port; s; s = s->next) { + if(p && atoi(p+1) == atoi(s->str)) + return 1; + if(!p && atoi(port) == atoi(s->str)) + return 1; + } + return 0; +} + +/** see if interface is DNSCRYPT, its port number == the dnscrypt port number */ +int +if_is_dnscrypt(const char* ifname, const char* port, int dnscrypt_port) +{ +#ifdef USE_DNSCRYPT + return ((strchr(ifname, '@') && + atoi(strchr(ifname, '@')+1) == dnscrypt_port) || + (!strchr(ifname, '@') && atoi(port) == dnscrypt_port)); +#else + (void)ifname; + (void)port; + (void)dnscrypt_port; + return 0; +#endif +} |
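Review bot: `if_is_pp2` and `if_is_dnscrypt` compare port numbers with `atoi`, which reports no parse error: a non-numeric `proxy-protocol-port` entry or an interface suffix such as `@abc` both evaluate to 0, so two malformed values compare equal and a malformed list entry matches any interface on port 0. Parsing with strtol and rejecting anything that is not a complete number in 0..65535 turns a bad entry into a non-match rather than a silent match, and the same helper can replace the `atoi` calls in `if_is_dnscrypt`. `if_is_dnscrypt` also calls `strchr(ifname, '@')` three times on the same string; a single lookup, as `if_is_pp2` already does with `p`, reads more clearly.
```c
/** parse a port number; returns -1 when str is not a complete number in 0..65535 */
static int
port_from_str(const char* str)
{
	char* end = NULL;
	long v;
	if(!str || !*str)
		return -1;
	v = strtol(str, &end, 10);
	if(*end != 0 || v < 0 || v > 65535)
		return -1;
	return (int)v;
}

/* … unchanged: if_is_pp2 signature and local declarations … */
	int ifport = p ? port_from_str(p+1) : port_from_str(port);
	if(ifport < 0)
		return 0;
	for(s = proxy_protocol_port; s; s = s->next) {
		if(port_from_str(s->str) == ifport)
			return 1;
	}
	return 0;
```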