Diffstat (limited to 'contrib/unbound/util/config_file.c')
-rw-r--r--contrib/unbound/util/config_file.c229
1 files changed, 171 insertions, 58 deletions
diff --git a/contrib/unbound/util/config_file.c b/contrib/unbound/util/config_file.c
index 976cb976f48e..e8de5119ba68 100644
--- a/contrib/unbound/util/config_file.c
+++ b/contrib/unbound/util/config_file.c
@@ -4,22 +4,22 @@
* Copyright (c) 2007, NLnet Labs. All rights reserved.
*
* This software is open source.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
- *
+ *
* Neither the name of the NLNET LABS nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
@@ -55,6 +55,7 @@
#include "util/regional.h"
#include "util/fptr_wlist.h"
#include "util/data/dname.h"
+#include "util/random.h"
#include "util/rtt.h"
#include "services/cache/infra.h"
#include "sldns/wire2str.h"
@@ -87,7 +88,10 @@ struct config_parser_state* cfg_parser = 0;
/** init ports possible for use */
static void init_outgoing_availports(int* array, int num);
-struct config_file*
+/** init cookie with random data */
+static void init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len);
+
+struct config_file*
config_create(void)
{
struct config_file* cfg;
@@ -99,6 +103,7 @@ config_create(void)
cfg->stat_interval = 0;
cfg->stat_cumulative = 0;
cfg->stat_extended = 0;
+ cfg->stat_inhibit_zero = 1;
cfg->num_threads = 1;
cfg->port = UNBOUND_DNS_PORT;
cfg->do_ip4 = 1;
@@ -115,6 +120,7 @@ config_create(void)
cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */
cfg->do_tcp_keepalive = 0;
cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */
+ cfg->sock_queue_timeout = 0; /* do not check timeout */
cfg->ssl_service_key = NULL;
cfg->ssl_service_pem = NULL;
cfg->ssl_port = UNBOUND_DNS_OVER_TLS_PORT;
@@ -136,6 +142,7 @@ config_create(void)
cfg->log_tag_queryreply = 0;
cfg->log_local_actions = 0;
cfg->log_servfail = 0;
+ cfg->log_destaddr = 0;
#ifndef USE_WINSOCK
# ifdef USE_MINI_EVENT
/* select max 1024 sockets */
@@ -152,7 +159,7 @@ config_create(void)
cfg->outgoing_num_ports = 48; /* windows is limited in num fds */
cfg->num_queries_per_thread = 24;
cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */
- cfg->incoming_num_tcp = 2;
+ cfg->incoming_num_tcp = 2;
#endif
cfg->stream_wait_size = 4 * 1024 * 1024;
cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */
@@ -232,6 +239,7 @@ config_create(void)
cfg->harden_below_nxdomain = 1;
cfg->harden_referral_path = 0;
cfg->harden_algo_downgrade = 0;
+ cfg->harden_unknown_additional = 0;
cfg->use_caps_bits_for_id = 0;
cfg->caps_whitelist = NULL;
cfg->private_address = NULL;
@@ -264,6 +272,7 @@ config_create(void)
cfg->val_permissive_mode = 0;
cfg->aggressive_nsec = 1;
cfg->ignore_cd = 0;
+ cfg->disable_edns_do = 0;
cfg->serve_expired = 0;
cfg->serve_expired_ttl = 0;
cfg->serve_expired_ttl_reset = 0;
@@ -299,14 +308,14 @@ config_create(void)
cfg->minimal_responses = 1;
cfg->rrset_roundrobin = 1;
cfg->unknown_server_time_limit = 376;
- cfg->max_udp_size = 4096;
- if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key")))
+ cfg->max_udp_size = 1232; /* value taken from edns_buffer_size */
+ if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key")))
goto error_exit;
- if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem")))
+ if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem")))
goto error_exit;
- if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key")))
+ if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key")))
goto error_exit;
- if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem")))
+ if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem")))
goto error_exit;
#ifdef CLIENT_SUBNET
@@ -314,7 +323,7 @@ config_create(void)
#else
if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
#endif
- if(!(cfg->val_nsec3_key_iterations =
+ if(!(cfg->val_nsec3_key_iterations =
strdup("1024 150 2048 150 4096 150"))) goto error_exit;
#if defined(DNSTAP_SOCKET_PATH)
if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH)))
@@ -323,6 +332,7 @@ config_create(void)
cfg->dnstap_bidirectional = 1;
cfg->dnstap_tls = 1;
cfg->disable_dnssec_lame_check = 0;
+ cfg->ip_ratelimit_cookie = 0;
cfg->ip_ratelimit = 0;
cfg->ratelimit = 0;
cfg->ip_ratelimit_slabs = 4;
@@ -336,6 +346,8 @@ config_create(void)
cfg->ip_ratelimit_backoff = 0;
cfg->ratelimit_backoff = 0;
cfg->outbound_msg_retry = 5;
+ cfg->max_sent_count = 32;
+ cfg->max_query_restarts = 11;
cfg->qname_minimisation = 1;
cfg->qname_minimisation_strict = 0;
cfg->shm_enable = 0;
@@ -364,14 +376,22 @@ config_create(void)
cfg->ipsecmod_whitelist = NULL;
cfg->ipsecmod_strict = 0;
#endif
+ cfg->do_answer_cookie = 0;
+ memset(cfg->cookie_secret, 0, sizeof(cfg->cookie_secret));
+ cfg->cookie_secret_len = 16;
+ init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len);
#ifdef USE_CACHEDB
if(!(cfg->cachedb_backend = strdup("testframe"))) goto error_exit;
if(!(cfg->cachedb_secret = strdup("default"))) goto error_exit;
+ cfg->cachedb_no_store = 0;
#ifdef USE_REDIS
if(!(cfg->redis_server_host = strdup("127.0.0.1"))) goto error_exit;
+ cfg->redis_server_path = NULL;
+ cfg->redis_server_password = NULL;
cfg->redis_timeout = 100;
cfg->redis_server_port = 6379;
cfg->redis_expire_records = 0;
+ cfg->redis_logical_db = 0;
#endif /* USE_REDIS */
#endif /* USE_CACHEDB */
#ifdef USE_IPSET
@@ -484,10 +504,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
/* not supported, library must have 1 thread in bgworker */
return 0;
} else if(strcmp(opt, "outgoing-port-permit:") == 0) {
- return cfg_mark_ports(val, 1,
+ return cfg_mark_ports(val, 1,
cfg->outgoing_avail_ports, 65536);
} else if(strcmp(opt, "outgoing-port-avoid:") == 0) {
- return cfg_mark_ports(val, 0,
+ return cfg_mark_ports(val, 0,
cfg->outgoing_avail_ports, 65536);
} else if(strcmp(opt, "local-zone:") == 0) {
return cfg_parse_local_zone(cfg, val);
@@ -501,7 +521,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
if(atoi(val) == 0) return 0;
cfg->val_date_override = (uint32_t)atoi(val);
}
- } else if(strcmp(opt, "local-data-ptr:") == 0) {
+ } else if(strcmp(opt, "local-data-ptr:") == 0) {
char* ptr = cfg_ptr_reverse((char*)opt);
return cfg_strlist_insert(&cfg->local_data, ptr);
} else if(strcmp(opt, "logfile:") == 0) {
@@ -516,6 +536,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("use-syslog:", use_syslog)
else S_STR("log-identity:", log_identity)
else S_YNO("extended-statistics:", stat_extended)
+ else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero)
else S_YNO("statistics-cumulative:", stat_cumulative)
else S_YNO("shm-enable:", shm_enable)
else S_NUMBER_OR_ZERO("shm-key:", shm_key)
@@ -536,6 +557,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout)
else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive)
else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout)
+ else S_NUMBER_OR_ZERO("sock-queue-timeout:", sock_queue_timeout)
else S_YNO("ssl-upstream:", ssl_upstream)
else S_YNO("tls-upstream:", ssl_upstream)
else S_STR("ssl-service-key:", ssl_service_key)
@@ -645,6 +667,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("harden-below-nxdomain:", harden_below_nxdomain)
else S_YNO("harden-referral-path:", harden_referral_path)
else S_YNO("harden-algo-downgrade:", harden_algo_downgrade)
+ else S_YNO("harden-unknown-additional:", harden_unknown_additional)
else S_YNO("use-caps-for-id:", use_caps_bits_for_id)
else S_STRLIST("caps-whitelist:", caps_whitelist)
else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold)
@@ -668,9 +691,11 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("log-tag-queryreply:", log_tag_queryreply)
else S_YNO("log-local-actions:", log_local_actions)
else S_YNO("log-servfail:", log_servfail)
+ else S_YNO("log-destaddr:", log_destaddr)
else S_YNO("val-permissive-mode:", val_permissive_mode)
else S_YNO("aggressive-nsec:", aggressive_nsec)
else S_YNO("ignore-cd-flag:", ignore_cd)
+ else S_YNO("disable-edns-do:", disable_edns_do)
else if(strcmp(opt, "serve-expired:") == 0)
{ IS_YES_OR_NO; cfg->serve_expired = (strcmp(val, "yes") == 0);
SERVE_EXPIRED = cfg->serve_expired; }
@@ -680,7 +705,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else if(strcmp(opt, "serve-expired-reply-ttl:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->serve_expired_reply_ttl = atoi(val); SERVE_EXPIRED_REPLY_TTL=(time_t)cfg->serve_expired_reply_ttl;}
else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout)
- else S_YNO("ede:", ede)
+ else S_YNO("ede:", ede)
else S_YNO("ede-serve-expired:", ede_serve_expired)
else S_YNO("serve-original-ttl:", serve_original_ttl)
else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
@@ -761,6 +786,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_POW2("dnscrypt-nonce-cache-slabs:",
dnscrypt_nonce_cache_slabs)
#endif
+ else if(strcmp(opt, "ip-ratelimit-cookie:") == 0) {
+ IS_NUMBER_OR_ZERO; cfg->ip_ratelimit_cookie = atoi(val);
+ infra_ip_ratelimit_cookie=cfg->ip_ratelimit_cookie;
+ }
else if(strcmp(opt, "ip-ratelimit:") == 0) {
IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val);
infra_ip_ratelimit=cfg->ip_ratelimit;
@@ -778,6 +807,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
+ else S_NUMBER_NONZERO("max-sent-count:", max_sent_count)
+ else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts)
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
else S_YNO("qname-minimisation:", qname_minimisation)
@@ -786,6 +817,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_SIZET_NONZERO("pad-responses-block-size:", pad_responses_block_size)
else S_YNO("pad-queries:", pad_queries)
else S_SIZET_NONZERO("pad-queries-block-size:", pad_queries_block_size)
+ else S_STRLIST("proxy-protocol-port:", proxy_protocol_port)
#ifdef USE_IPSECMOD
else S_YNO("ipsecmod-enabled:", ipsecmod_enabled)
else S_YNO("ipsecmod-ignore-bogus:", ipsecmod_ignore_bogus)
@@ -793,6 +825,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
{ IS_NUMBER_OR_ZERO; cfg->ipsecmod_max_ttl = atoi(val); }
else S_YNO("ipsecmod-strict:", ipsecmod_strict)
#endif
+#ifdef USE_CACHEDB
+ else S_YNO("cachedb-no-store:", cachedb_no_store)
+#endif /* USE_CACHEDB */
else if(strcmp(opt, "define-tag:") ==0) {
return config_add_tag(cfg, val);
/* val_sig_skew_min, max and val_max_restart are copied into val_env
@@ -805,7 +840,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
{ IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); }
else if (strcmp(opt, "outgoing-interface:") == 0) {
char* d = strdup(val);
- char** oi =
+ char** oi =
(char**)reallocarray(NULL, (size_t)cfg->num_out_ifs+1, sizeof(char*));
if(!d || !oi) { free(d); free(oi); return -1; }
if(cfg->out_ifs && cfg->num_out_ifs) {
@@ -822,7 +857,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
* stub-ssl-upstream, forward-zone, auth-zone
* name, forward-addr, forward-host,
* ratelimit-for-domain, ratelimit-below-domain,
- * local-zone-tag, access-control-view,
+ * local-zone-tag, access-control-view, interface-*,
* send-client-subnet, client-subnet-always-forward,
* max-client-subnet-ipv4, max-client-subnet-ipv6,
* min-client-subnet-ipv4, min-client-subnet-ipv6,
@@ -900,7 +935,7 @@ config_collate_cat(struct config_strlist* list)
for(s=list; s; s=s->next)
total += strlen(s->str) + 1; /* len + newline */
left = total+1; /* one extra for nul at end */
- r = malloc(left);
+ r = malloc(left);
if(!r)
return NULL;
w = r;
@@ -979,7 +1014,7 @@ config_collate_cat(struct config_strlist* list)
}
int
-config_get_option(struct config_file* cfg, const char* opt,
+config_get_option(struct config_file* cfg, const char* opt,
void (*func)(char*,void*), void* arg)
{
char buf[1024], nopt[64];
@@ -995,6 +1030,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "statistics-interval", stat_interval)
else O_YNO(opt, "statistics-cumulative", stat_cumulative)
else O_YNO(opt, "extended-statistics", stat_extended)
+ else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero)
else O_YNO(opt, "shm-enable", shm_enable)
else O_DEC(opt, "shm-key", shm_key)
else O_YNO(opt, "use-syslog", use_syslog)
@@ -1054,6 +1090,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout)
else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive)
else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout)
+ else O_DEC(opt, "sock-queue-timeout", sock_queue_timeout)
else O_YNO(opt, "ssl-upstream", ssl_upstream)
else O_YNO(opt, "tls-upstream", ssl_upstream)
else O_STR(opt, "ssl-service-key", ssl_service_key)
@@ -1092,6 +1129,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "log-tag-queryreply", log_tag_queryreply)
else O_YNO(opt, "log-local-actions", log_local_actions)
else O_YNO(opt, "log-servfail", log_servfail)
+ else O_YNO(opt, "log-destaddr", log_destaddr)
else O_STR(opt, "pidfile", pidfile)
else O_YNO(opt, "hide-identity", hide_identity)
else O_YNO(opt, "hide-version", hide_version)
@@ -1109,6 +1147,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain)
else O_YNO(opt, "harden-referral-path", harden_referral_path)
else O_YNO(opt, "harden-algo-downgrade", harden_algo_downgrade)
+ else O_YNO(opt, "harden-unknown-additional", harden_unknown_additional)
else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id)
else O_LST(opt, "caps-whitelist", caps_whitelist)
else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold)
@@ -1120,6 +1159,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "val-permissive-mode", val_permissive_mode)
else O_YNO(opt, "aggressive-nsec", aggressive_nsec)
else O_YNO(opt, "ignore-cd-flag", ignore_cd)
+ else O_YNO(opt, "disable-edns-do", disable_edns_do)
else O_YNO(opt, "serve-expired", serve_expired)
else O_DEC(opt, "serve-expired-ttl", serve_expired_ttl)
else O_YNO(opt, "serve-expired-ttl-reset", serve_expired_ttl_reset)
@@ -1224,6 +1264,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_LST(opt, "python-script", python_script)
else O_LST(opt, "dynlib-file", dynlib_file)
else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check)
+ else O_DEC(opt, "ip-ratelimit-cookie", ip_ratelimit_cookie)
else O_DEC(opt, "ip-ratelimit", ip_ratelimit)
else O_DEC(opt, "ratelimit", ratelimit)
else O_MEM(opt, "ip-ratelimit-size", ip_ratelimit_size)
@@ -1237,6 +1278,8 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
+ else O_UNS(opt, "max-sent-count", max_sent_count)
+ else O_UNS(opt, "max-query-restarts", max_query_restarts)
else O_DEC(opt, "fast-server-num", fast_server_num)
else O_DEC(opt, "fast-server-permil", fast_server_permil)
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
@@ -1252,11 +1295,17 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_LS3(opt, "access-control-tag-action", acl_tag_actions)
else O_LS3(opt, "access-control-tag-data", acl_tag_datas)
else O_LS2(opt, "access-control-view", acl_view)
+ else O_LS2(opt, "interface-action", interface_actions)
+ else O_LTG(opt, "interface-tag", interface_tags)
+ else O_LS3(opt, "interface-tag-action", interface_tag_actions)
+ else O_LS3(opt, "interface-tag-data", interface_tag_datas)
+ else O_LS2(opt, "interface-view", interface_view)
else O_YNO(opt, "pad-responses", pad_responses)
else O_DEC(opt, "pad-responses-block-size", pad_responses_block_size)
else O_YNO(opt, "pad-queries", pad_queries)
else O_DEC(opt, "pad-queries-block-size", pad_queries_block_size)
else O_LS2(opt, "edns-client-strings", edns_client_strings)
+ else O_LST(opt, "proxy-protocol-port", proxy_protocol_port)
#ifdef USE_IPSECMOD
else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled)
else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus)
@@ -1268,11 +1317,15 @@ config_get_option(struct config_file* cfg, const char* opt,
#ifdef USE_CACHEDB
else O_STR(opt, "backend", cachedb_backend)
else O_STR(opt, "secret-seed", cachedb_secret)
+ else O_YNO(opt, "cachedb-no-store", cachedb_no_store)
#ifdef USE_REDIS
else O_STR(opt, "redis-server-host", redis_server_host)
else O_DEC(opt, "redis-server-port", redis_server_port)
+ else O_STR(opt, "redis-server-path", redis_server_path)
+ else O_STR(opt, "redis-server-password", redis_server_password)
else O_DEC(opt, "redis-timeout", redis_timeout)
else O_YNO(opt, "redis-expire-records", redis_expire_records)
+ else O_DEC(opt, "redis-logical-db", redis_logical_db)
#endif /* USE_REDIS */
#endif /* USE_CACHEDB */
#ifdef USE_IPSET
@@ -1302,10 +1355,11 @@ create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot)
cfg_parser->errors = 0;
cfg_parser->cfg = cfg;
cfg_parser->chroot = chroot;
+ cfg_parser->started_toplevel = 0;
init_cfg_parse();
}
-int
+int
config_read(struct config_file* cfg, const char* filename, const char* chroot)
{
FILE *in;
@@ -1345,7 +1399,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
if(r == GLOB_NOMATCH) {
verbose(VERB_QUERY, "include: "
"no matches for %s", fname);
- return 1;
+ return 1;
} else if(r == GLOB_NOSPACE) {
log_err("include: %s: "
"fnametern out of memory", fname);
@@ -1544,7 +1598,7 @@ config_del_strbytelist(struct config_strbytelist* p)
}
}
-void
+void
config_delete(struct config_file* cfg)
{
if(!cfg) return;
@@ -1606,15 +1660,22 @@ config_delete(struct config_file* cfg)
config_deltrplstrlist(cfg->local_zone_overrides);
config_del_strarray(cfg->tagname, cfg->num_tags);
config_del_strbytelist(cfg->local_zone_tags);
- config_del_strbytelist(cfg->acl_tags);
config_del_strbytelist(cfg->respip_tags);
+ config_deldblstrlist(cfg->acl_view);
+ config_del_strbytelist(cfg->acl_tags);
config_deltrplstrlist(cfg->acl_tag_actions);
config_deltrplstrlist(cfg->acl_tag_datas);
+ config_deldblstrlist(cfg->interface_actions);
+ config_deldblstrlist(cfg->interface_view);
+ config_del_strbytelist(cfg->interface_tags);
+ config_deltrplstrlist(cfg->interface_tag_actions);
+ config_deltrplstrlist(cfg->interface_tag_datas);
config_delstrlist(cfg->control_ifs.first);
free(cfg->server_key_file);
free(cfg->server_cert_file);
free(cfg->control_key_file);
free(cfg->control_cert_file);
+ free(cfg->nat64_prefix);
free(cfg->dns64_prefix);
config_delstrlist(cfg->dns64_ignore_aaaa);
free(cfg->dnstap_socket_path);
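Review bot: `free(cfg->nat64_prefix);` is new here, but none of the config_create hunks in this diff assign nat64_prefix; that is harmless if cfg is allocated with calloc (free(NULL) is a no-op) — the allocation in config_create is not visible in this diff — and otherwise hands an indeterminate pointer to free(). Worth confirming the initialisation in config_create, or pairing this hunk with an explicit `cfg->nat64_prefix = NULL;` there. config_delete continues outside the hunk on both ends.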
@@ -1630,6 +1691,7 @@ config_delete(struct config_file* cfg)
config_delstrlist(cfg->python_script);
config_delstrlist(cfg->dynlib_file);
config_deldblstrlist(cfg->edns_client_strings);
+ config_delstrlist(cfg->proxy_protocol_port);
#ifdef USE_IPSECMOD
free(cfg->ipsecmod_hook);
config_delstrlist(cfg->ipsecmod_whitelist);
@@ -1639,6 +1701,8 @@ config_delete(struct config_file* cfg)
free(cfg->cachedb_secret);
#ifdef USE_REDIS
free(cfg->redis_server_host);
+ free(cfg->redis_server_path);
+ free(cfg->redis_server_password);
#endif /* USE_REDIS */
#endif /* USE_CACHEDB */
#ifdef USE_IPSET
@@ -1648,7 +1712,21 @@ config_delete(struct config_file* cfg)
free(cfg);
}
-static void
+static void
+init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len)
+{
+ struct ub_randstate *rand = ub_initstate(NULL);
+
+ if (!rand)
+ fatal_exit("could not init random generator");
+ while (cookie_secret_len) {
+ *cookie_secret++ = (uint8_t)ub_random(rand);
+ cookie_secret_len--;
+ }
+ ub_randfree(rand);
+}
+
+static void
init_outgoing_availports(int* a, int num)
{
/* generated with make iana_update */
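Review bot: init_cookie_secret terminates the process through fatal_exit() when ub_initstate() fails, while its only caller config_create() reports every other failure through the goto error_exit path used by the strdup() calls; if config_create is reached from library code, an RNG-init failure would then kill the host process instead of returning NULL. Returning int and letting the caller do `if(!init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len)) goto error_exit;` keeps it consistent with the surrounding error handling. Each secret byte is the low 8 bits of the value returned by ub_random(), which is fine only if that generator is uniform over its range — I cannot confirm that from here, so a comment stating the assumption would help. The secret also stays in cfg until the plain free(cfg) in config_delete; zeroizing it there first (explicit_bzero where available, or the project's equivalent) is cheap and avoids leaving key material in freed memory.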
@@ -1661,7 +1739,7 @@ init_outgoing_availports(int* a, int num)
for(i=1024; i<num; i++) {
a[i] = i;
}
- /* create empty spot at 49152 to keep ephemeral ports available
+ /* create empty spot at 49152 to keep ephemeral ports available
* to other programs */
for(i=49152; i<49152+256; i++)
a[i] = 0;
@@ -1672,7 +1750,7 @@ init_outgoing_availports(int* a, int num)
}
}
-int
+int
cfg_mark_ports(const char* str, int allow, int* avail, int num)
{
char* mid = strchr(str, '-');
@@ -1717,7 +1795,7 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
return 1;
}
-int
+int
cfg_scan_ports(int* avail, int num)
{
int i;
@@ -1800,6 +1878,9 @@ void ub_c_error_msg(const char* fmt, ...)
void ub_c_error(const char *str)
{
cfg_parser->errors++;
+ if(strcmp(str, "syntax error")==0 && cfg_parser->started_toplevel ==0)
+ str = "syntax error, is there no section start after an "
+ "include-toplevel directive perhaps.";
fprintf(stderr, "%s:%d: error: %s\n", cfg_parser->filename,
cfg_parser->line, str);
}
@@ -1831,7 +1912,7 @@ int cfg_strlist_append(struct config_strlist_head* list, char* item)
return 1;
}
-int
+int
cfg_region_strlist_insert(struct regional* region,
struct config_strlist** head, char* item)
{
@@ -1864,7 +1945,7 @@ cfg_strlist_find(struct config_strlist* head, const char *item)
return NULL;
}
-int
+int
cfg_strlist_insert(struct config_strlist** head, char* item)
{
struct config_strlist *s;
@@ -1894,7 +1975,7 @@ cfg_strlist_append_ex(struct config_strlist** head, char* item)
return 0;
s->str = item;
s->next = NULL;
-
+
if (*head==NULL) {
*head = s;
} else {
@@ -1904,11 +1985,11 @@ cfg_strlist_append_ex(struct config_strlist** head, char* item)
}
last->next = s;
}
-
- return 1;
+
+ return 1;
}
-int
+int
cfg_str2list_insert(struct config_str2list** head, char* item, char* i2)
{
struct config_str2list *s;
@@ -1930,7 +2011,7 @@ cfg_str2list_insert(struct config_str2list** head, char* item, char* i2)
return 1;
}
-int
+int
cfg_str3list_insert(struct config_str3list** head, char* item, char* i2,
char* i3)
{
@@ -1966,7 +2047,7 @@ cfg_strbytelist_insert(struct config_strbytelist** head, char* item,
return 1;
}
-time_t
+time_t
cfg_convert_timeval(const char* str)
{
time_t t;
@@ -1974,7 +2055,7 @@ cfg_convert_timeval(const char* str)
memset(&tm, 0, sizeof(tm));
if(strlen(str) < 14)
return 0;
- if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon,
+ if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon,
&tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6)
return 0;
tm.tm_year -= 1900;
@@ -1991,7 +2072,7 @@ cfg_convert_timeval(const char* str)
return t;
}
-int
+int
cfg_count_numbers(const char* s)
{
/* format ::= (sp num)+ sp */
@@ -2026,7 +2107,7 @@ static int isalldigit(const char* str, size_t l)
return 1;
}
-int
+int
cfg_parse_memsize(const char* str, size_t* res)
{
size_t len;
@@ -2042,11 +2123,11 @@ cfg_parse_memsize(const char* str, size_t* res)
/* check appended num */
while(len>0 && str[len-1]==' ')
len--;
- if(len > 1 && str[len-1] == 'b')
+ if(len > 1 && str[len-1] == 'b')
len--;
- else if(len > 1 && str[len-1] == 'B')
+ else if(len > 1 && str[len-1] == 'B')
len--;
-
+
if(len > 1 && tolower((unsigned char)str[len-1]) == 'g')
mult = 1024*1024*1024;
else if(len > 1 && tolower((unsigned char)str[len-1]) == 'm')
@@ -2133,7 +2214,7 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str,
log_err("out of memory");
return 0;
}
-
+
/* parse */
s = str;
while((p=strsep(&s, " \t\n")) != NULL) {
@@ -2219,7 +2300,7 @@ int taglist_intersect(uint8_t* list1, size_t list1len, const uint8_t* list2,
return 0;
}
-void
+void
config_apply(struct config_file* config)
{
MAX_TTL = (time_t)config->max_ttl;
@@ -2261,7 +2342,7 @@ void config_lookup_uid(struct config_file* cfg)
#endif
}
-/**
+/**
* Calculate string length of full pathname in original filesys
* @param fname: the path name to convert.
* Must not be null or empty.
@@ -2275,7 +2356,7 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir)
{
size_t len = 0;
int slashit = 0;
- if(cfg->chrootdir && cfg->chrootdir[0] &&
+ if(cfg->chrootdir && cfg->chrootdir[0] &&
strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) {
/* already full pathname, return it */
return strlen(fname);
@@ -2298,8 +2379,8 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir)
/* prepend chdir */
if(slashit && cfg->directory[0] != '/')
len++;
- if(cfg->chrootdir && cfg->chrootdir[0] &&
- strncmp(cfg->chrootdir, cfg->directory,
+ if(cfg->chrootdir && cfg->chrootdir[0] &&
+ strncmp(cfg->chrootdir, cfg->directory,
strlen(cfg->chrootdir)) == 0)
len += strlen(cfg->directory)-strlen(cfg->chrootdir);
else len += strlen(cfg->directory);
@@ -2322,7 +2403,7 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir)
return NULL;
buf[0] = 0;
/* is fname already in chroot ? */
- if(cfg->chrootdir && cfg->chrootdir[0] &&
+ if(cfg->chrootdir && cfg->chrootdir[0] &&
strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) {
/* already full pathname, return it */
(void)strlcpy(buf, fname, len);
@@ -2348,10 +2429,10 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir)
if(slashit && cfg->directory[0] != '/')
(void)strlcat(buf, "/", len);
/* is the directory already in the chroot? */
- if(cfg->chrootdir && cfg->chrootdir[0] &&
- strncmp(cfg->chrootdir, cfg->directory,
+ if(cfg->chrootdir && cfg->chrootdir[0] &&
+ strncmp(cfg->chrootdir, cfg->directory,
strlen(cfg->chrootdir)) == 0)
- (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir),
+ (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir),
len);
else (void)strlcat(buf, cfg->directory, len);
slashit = 1;
@@ -2388,7 +2469,7 @@ static char* last_space_pos(const char* str)
return (sp>tab)?sp:tab;
}
-int
+int
cfg_parse_local_zone(struct config_file* cfg, const char* val)
{
const char *type, *name_end, *name;
@@ -2423,11 +2504,11 @@ cfg_parse_local_zone(struct config_file* cfg, const char* val)
}
if(strcmp(type, "nodefault")==0) {
- return cfg_strlist_insert(&cfg->local_zones_nodefault,
+ return cfg_strlist_insert(&cfg->local_zones_nodefault,
strdup(name));
#ifdef USE_IPSET
} else if(strcmp(type, "ipset")==0) {
- return cfg_strlist_insert(&cfg->local_zones_ipset,
+ return cfg_strlist_insert(&cfg->local_zones_ipset,
strdup(name));
#endif
} else {
@@ -2482,7 +2563,7 @@ char* cfg_ptr_reverse(char* str)
const char* hex = "0123456789abcdef";
char *p = buf;
int i;
- memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr,
+ memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr,
sizeof(ad));
for(i=15; i>=0; i--) {
uint8_t b = ad[i];
@@ -2494,7 +2575,7 @@ char* cfg_ptr_reverse(char* str)
snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa. ");
} else {
uint8_t ad[4];
- memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr,
+ memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr,
sizeof(ad));
snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa. ",
(unsigned)ad[3], (unsigned)ad[2],
@@ -2609,3 +2690,35 @@ int cfg_has_https(struct config_file* cfg)
}
return 0;
}
+
+/** see if interface is PROXYv2, its port number == the proxy port number */
+int
+if_is_pp2(const char* ifname, const char* port,
+ struct config_strlist* proxy_protocol_port)
+{
+ struct config_strlist* s;
+ char* p = strchr(ifname, '@');
+ for(s = proxy_protocol_port; s; s = s->next) {
+ if(p && atoi(p+1) == atoi(s->str))
+ return 1;
+ if(!p && atoi(port) == atoi(s->str))
+ return 1;
+ }
+ return 0;
+}
+
+/** see if interface is DNSCRYPT, its port number == the dnscrypt port number */
+int
+if_is_dnscrypt(const char* ifname, const char* port, int dnscrypt_port)
+{
+#ifdef USE_DNSCRYPT
+ return ((strchr(ifname, '@') &&
+ atoi(strchr(ifname, '@')+1) == dnscrypt_port) ||
+ (!strchr(ifname, '@') && atoi(port) == dnscrypt_port));
+#else
+ (void)ifname;
+ (void)port;
+ (void)dnscrypt_port;
+ return 0;
+#endif
+}
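Review bot: if_is_pp2 compares ports with atoi(), which yields 0 for an empty or malformed string, so a proxy-protocol-port entry that is not a number (the option is stored by S_STRLIST in the config_set_option hunk above with no numeric check) silently matches any interface whose '@' suffix is also unparsable instead of being rejected; because a listener classified as PROXYv2 takes its client address from the PROXY header, a wrong match here feeds straight into access-control decisions. if_is_dnscrypt has the same atoi() behaviour and evaluates strchr(ifname, '@') up to three times for one result. Parsing once with strtol and an end-pointer check, treating a parse failure as "no match", and hoisting the interface port out of the loop addresses both; the helper below is a sketch of that shape.
```c
/* constructed helper: decimal port, -1 when str is not a whole number in range */
static int
port_num(const char* str)
{
	char* end = NULL;
	long v;
	if(!str || !*str)
		return -1;
	v = strtol(str, &end, 10);
	if(*end != 0 || v < 0 || v > 65535)
		return -1;
	return (int)v;
}

int
if_is_pp2(const char* ifname, const char* port,
	struct config_strlist* proxy_protocol_port)
{
	struct config_strlist* s;
	const char* p = strchr(ifname, '@');
	int ifport = port_num(p ? p+1 : port);
	if(ifport < 0)
		return 0;
	for(s = proxy_protocol_port; s; s = s->next) {
		if(port_num(s->str) == ifport)
			return 1;
	}
	return 0;
}
/* … unchanged: if_is_dnscrypt, apart from using port_num() for its two atoi() calls … */
```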