diff options
Diffstat (limited to 'contrib/unbound/util/configparser.y')
-rw-r--r-- | contrib/unbound/util/configparser.y | 349 |
1 files changed, 315 insertions, 34 deletions
diff --git a/contrib/unbound/util/configparser.y b/contrib/unbound/util/configparser.y index c23534019e5e..0e4cd5960a29 100644 --- a/contrib/unbound/util/configparser.y +++ b/contrib/unbound/util/configparser.y @@ -47,11 +47,13 @@ #include "util/configyyrename.h" #include "util/config_file.h" #include "util/net_help.h" +#include "sldns/str2wire.h" int ub_c_lex(void); void ub_c_error(const char *message); static void validate_respip_action(const char* action); +static void validate_acl_action(const char* action); /* these need to be global, otherwise they cannot be used inside yacc */ extern struct config_parser_state* cfg_parser; @@ -72,9 +74,10 @@ extern struct config_parser_state* cfg_parser; %token VAR_FORCE_TOPLEVEL %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4 -%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP +%token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT +%token VAR_SOCK_QUEUE_TIMEOUT %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP @@ -122,6 +125,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA +%token VAR_NAT64_PREFIX %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE @@ -139,7 +143,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE -%token VAR_OUTBOUND_MSG_RETRY +%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF @@ -174,12 +178,14 @@ extern struct config_parser_state* cfg_parser; %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT -%token VAR_CACHEDB_REDISEXPIRERECORDS +%token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD +%token VAR_CACHEDB_REDISLOGICALDB %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT +%token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI @@ -190,6 +196,11 @@ extern struct config_parser_state* cfg_parser; %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE +%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG +%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA +%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO +%token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE +%token VAR_LOG_DESTADDR %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -204,22 +215,25 @@ toplevelvar: serverstart contents_server | stubstart contents_stub | force_toplevel: VAR_FORCE_TOPLEVEL { OUTYY(("\nP(force-toplevel)\n")); + cfg_parser->started_toplevel = 0; } ; /* server: declaration */ serverstart: VAR_SERVER { OUTYY(("\nP(server:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_server: contents_server content_server | ; content_server: server_num_threads | server_verbosity | server_port | server_outgoing_range | server_do_ip4 | - server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 | - server_do_udp | server_do_tcp | + server_do_ip6 | server_do_nat64 | server_prefer_ip4 | + server_prefer_ip6 | server_do_udp | server_do_tcp | server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout | server_tcp_keepalive | server_tcp_keepalive_timeout | + server_sock_queue_timeout | server_interface | server_chroot | server_username | server_directory | server_logfile | server_pidfile | server_msg_cache_size | server_msg_cache_slabs | @@ -267,6 +281,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_so_reuseport | server_delay_close | server_udp_connect | server_unblock_lan_zones | server_insecure_lan_zones | server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa | + server_nat64_prefix | server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade | server_ip_transparent | server_ip_ratelimit | server_ratelimit | server_ip_dscp | server_infra_keep_probing | @@ -276,6 +291,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_ratelimit_below_domain | server_ratelimit_factor | server_ip_ratelimit_factor | server_ratelimit_backoff | server_ip_ratelimit_backoff | server_outbound_msg_retry | + server_max_sent_count | server_max_query_restarts | server_send_client_subnet | server_client_subnet_zone | server_client_subnet_always_forward | server_client_subnet_opcode | server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 | @@ -287,13 +303,15 @@ content_server: server_num_threads | server_verbosity | server_port | server_disable_dnssec_lame_check | server_access_control_tag | server_local_zone_override | server_access_control_tag_action | server_access_control_tag_data | server_access_control_view | + server_interface_action | server_interface_view | server_interface_tag | + server_interface_tag_action | server_interface_tag_data | server_qname_minimisation_strict | server_pad_responses | server_pad_responses_block_size | server_pad_queries | server_pad_queries_block_size | server_serve_expired | server_serve_expired_ttl | server_serve_expired_ttl_reset | server_serve_expired_reply_ttl | server_serve_expired_client_timeout | - server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa | + server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa | server_log_identity | server_use_systemd | server_response_ip_tag | server_response_ip | server_response_ip_data | server_shm_enable | server_shm_key | server_fake_sha1 | @@ -309,17 +327,21 @@ content_server: server_num_threads | server_verbosity | server_port | server_unknown_server_time_limit | server_log_tag_queryreply | server_stream_wait_size | server_tls_ciphers | server_tls_ciphersuites | server_tls_session_ticket_keys | + server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie | server_tls_use_sni | server_edns_client_string | server_edns_client_string_opcode | server_nsid | server_zonemd_permissive_mode | server_max_reuse_tcp_queries | server_tcp_reuse_timeout | server_tcp_auth_query_timeout | - server_interface_automatic_ports | server_ede - + server_interface_automatic_ports | server_ede | + server_proxy_protocol_port | server_statistics_inhibit_zero | + server_harden_unknown_additional | server_disable_edns_do | + server_log_destaddr ; stubstart: VAR_STUB_ZONE { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); + cfg_parser->started_toplevel = 1; s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); if(s) { s->next = cfg_parser->cfg->stubs; @@ -338,6 +360,7 @@ forwardstart: VAR_FORWARD_ZONE { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); + cfg_parser->started_toplevel = 1; s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); if(s) { s->next = cfg_parser->cfg->forwards; @@ -356,6 +379,7 @@ viewstart: VAR_VIEW { struct config_view* s; OUTYY(("\nP(view:)\n")); + cfg_parser->started_toplevel = 1; s = (struct config_view*)calloc(1, sizeof(struct config_view)); if(s) { s->next = cfg_parser->cfg->views; @@ -376,6 +400,7 @@ authstart: VAR_AUTH_ZONE { struct config_auth* s; OUTYY(("\nP(auth_zone:)\n")); + cfg_parser->started_toplevel = 1; s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); if(s) { s->next = cfg_parser->cfg->auths; @@ -473,7 +498,8 @@ rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG rpzstart: VAR_RPZ { struct config_auth* s; - OUTYY(("\nP(rpz:)\n")); + OUTYY(("\nP(rpz:)\n")); + cfg_parser->started_toplevel = 1; s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); if(s) { s->next = cfg_parser->cfg->auths; @@ -488,7 +514,7 @@ rpzstart: VAR_RPZ } } ; -contents_rpz: contents_rpz content_rpz +contents_rpz: contents_rpz content_rpz | ; content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url | auth_allow_notify | rpz_action_override | rpz_cname_override | @@ -541,6 +567,15 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG free($2); } ; +server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG + { + OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0); + free($2); + } + ; server_shm_enable: VAR_SHM_ENABLE STRING_ARG { OUTYY(("P(server_shm_enable:%s)\n", $2)); @@ -827,6 +862,15 @@ server_do_ip6: VAR_DO_IP6 STRING_ARG free($2); } ; +server_do_nat64: VAR_DO_NAT64 STRING_ARG + { + OUTYY(("P(server_do_nat64:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0); + free($2); + } + ; server_do_udp: VAR_DO_UDP STRING_ARG { OUTYY(("P(server_do_udp:%s)\n", $2)); @@ -949,6 +993,19 @@ server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG free($2); } ; +server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG + { + OUTYY(("P(server_sock_queue_timeout:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) > 6553500) + cfg_parser->cfg->sock_queue_timeout = 6553500; + else if (atoi($2) < 1) + cfg_parser->cfg->sock_queue_timeout = 0; + else cfg_parser->cfg->sock_queue_timeout = atoi($2); + free($2); + } + ; server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG { OUTYY(("P(server_tcp_upstream:%s)\n", $2)); @@ -1109,7 +1166,7 @@ server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG yyerror("expected yes or no."); else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0); free($2); - } + }; server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG { OUTYY(("P(server_http_notls_downstream:%s)\n", $2)); @@ -1195,6 +1252,15 @@ server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG free($2); } ; +server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG + { + OUTYY(("P(server_log_destaddr:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->log_destaddr = (strcmp($2, "yes")==0); + free($2); + } + ; server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG { OUTYY(("P(server_log_local_actions:%s)\n", $2)); @@ -1755,6 +1821,16 @@ server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG free($2); } ; +server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG + { + OUTYY(("P(server_harden_unknown_additional:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_unknown_additional = + (strcmp($2, "yes")==0); + free($2); + } + ; server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG { OUTYY(("P(server_use_caps_for_id:%s)\n", $2)); @@ -1842,21 +1918,18 @@ server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG { OUTYY(("P(server_access_control:%s %s)\n", $2, $3)); - if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 && - strcmp($3, "deny_non_local")!=0 && - strcmp($3, "refuse_non_local")!=0 && - strcmp($3, "allow_setrd")!=0 && - strcmp($3, "allow")!=0 && - strcmp($3, "allow_snoop")!=0) { - yyerror("expected deny, refuse, deny_non_local, " - "refuse_non_local, allow, allow_setrd or " - "allow_snoop in access control action"); - free($2); - free($3); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3)) - fatal_exit("out of memory adding acl"); - } + validate_acl_action($3); + if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3)) + fatal_exit("out of memory adding acl"); + } + ; +server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG + { + OUTYY(("P(server_interface_action:%s %s)\n", $2, $3)); + validate_acl_action($3); + if(!cfg_str2list_insert( + &cfg_parser->cfg->interface_actions, $2, $3)) + fatal_exit("out of memory adding acl"); } ; server_module_conf: VAR_MODULE_CONF STRING_ARG @@ -1999,6 +2072,15 @@ server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG free($2); } ; +server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG + { + OUTYY(("P(server_disable_edns_do:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0); + free($2); + } + ; server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG { OUTYY(("P(server_serve_expired:%s)\n", $2)); @@ -2149,6 +2231,7 @@ server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG (strcmp($2, "yes")==0); free($2); } + ; server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG { OUTYY(("P(server_key_cache_size:%s)\n", $2)); @@ -2186,6 +2269,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 && strcmp($3, "typetransparent")!=0 && strcmp($3, "always_transparent")!=0 + && strcmp($3, "block_a")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 && strcmp($3, "always_nodata")!=0 @@ -2198,7 +2282,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "inform_redirect, always_transparent, " + "inform_redirect, always_transparent, block_a," "always_refuse, always_nxdomain, " "always_nodata, always_deny, always_null, " "noview, nodefault or ipset"); @@ -2313,6 +2397,13 @@ server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG fatal_exit("out of memory adding dns64-ignore-aaaa"); } ; +server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG + { + OUTYY(("P(nat64_prefix:%s)\n", $2)); + free(cfg_parser->cfg->nat64_prefix); + cfg_parser->cfg->nat64_prefix = $2; + } + ; server_define_tag: VAR_DEFINE_TAG STRING_ARG { char* p, *s = $2; @@ -2414,6 +2505,60 @@ server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG } } ; +server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, + &len); + free($3); + OUTYY(("P(server_interface_tag:%s)\n", $2)); + if(!bitlist) { + yyerror("could not parse tags, (define-tag them first)"); + free($2); + } + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->interface_tags, + $2, bitlist, len)) { + yyerror("out of memory"); + free($2); + } + } + } + ; +server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG + { + OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4)); + if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions, + $2, $3, $4)) { + yyerror("out of memory"); + free($2); + free($3); + free($4); + } + } + ; +server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG + { + OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4)); + if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas, + $2, $3, $4)) { + yyerror("out of memory"); + free($2); + free($3); + free($4); + } + } + ; +server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG + { + OUTYY(("P(server_interface_view:%s %s)\n", $2, $3)); + if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view, + $2, $3)) { + yyerror("out of memory"); + } + } + ; server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG { size_t len = 0; @@ -2444,6 +2589,15 @@ server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG free($2); } ; +server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG + { + OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2); + free($2); + } + ; server_ratelimit: VAR_RATELIMIT STRING_ARG { OUTYY(("P(server_ratelimit:%s)\n", $2)); @@ -2572,6 +2726,24 @@ server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG free($2); } ; +server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG + { + OUTYY(("P(server_max_sent_count:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_sent_count = atoi($2); + free($2); + } + ; +server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG + { + OUTYY(("P(server_max_query_restarts:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_query_restarts = atoi($2); + free($2); + } + ; server_low_rtt: VAR_LOW_RTT STRING_ARG { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); @@ -2621,7 +2793,7 @@ server_pad_responses: VAR_PAD_RESPONSES STRING_ARG OUTYY(("P(server_pad_responses:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_responses = + else cfg_parser->cfg->pad_responses = (strcmp($2, "yes")==0); free($2); } @@ -2640,7 +2812,7 @@ server_pad_queries: VAR_PAD_QUERIES STRING_ARG OUTYY(("P(server_pad_queries:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_queries = + else cfg_parser->cfg->pad_queries = (strcmp($2, "yes")==0); free($2); } @@ -2761,6 +2933,13 @@ server_ede: VAR_EDE STRING_ARG free($2); } ; +server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG + { + OUTYY(("P(server_proxy_protocol_port:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2)) + yyerror("out of memory"); + } + ; stub_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); @@ -3103,6 +3282,7 @@ view_first: VAR_VIEW_FIRST STRING_ARG rcstart: VAR_REMOTE_CONTROL { OUTYY(("\nP(remote-control:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_rc: contents_rc content_rc @@ -3175,6 +3355,7 @@ rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG dtstart: VAR_DNSTAP { OUTYY(("\nP(dnstap:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_dt: contents_dt content_dt @@ -3357,6 +3538,7 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_py: contents_py content_py @@ -3369,9 +3551,11 @@ py_script: VAR_PYTHON_SCRIPT STRING_ARG if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2)) yyerror("out of memory"); } + ; dynlibstart: VAR_DYNLIB - { - OUTYY(("\nP(dynlib:)\n")); + { + OUTYY(("\nP(dynlib:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_dl: contents_dl content_dl @@ -3384,6 +3568,7 @@ dl_file: VAR_DYNLIB_FILE STRING_ARG if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2)) yyerror("out of memory"); } + ; server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG { OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2)); @@ -3421,6 +3606,7 @@ server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG dnscstart: VAR_DNSCRYPT { OUTYY(("\nP(dnscrypt:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_dnsc: contents_dnsc content_dnsc @@ -3443,7 +3629,6 @@ dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG free($2); } ; - dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2)); @@ -3530,13 +3715,15 @@ dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG cachedbstart: VAR_CACHEDB { OUTYY(("\nP(cachedb:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_cachedb: contents_cachedb content_cachedb | ; content_cachedb: cachedb_backend_name | cachedb_secret_seed | redis_server_host | redis_server_port | redis_timeout | - redis_expire_records + redis_expire_records | redis_server_path | redis_server_password | + cachedb_no_store | redis_logical_db ; cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG { @@ -3562,6 +3749,19 @@ cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG #endif } ; +cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG + { + #ifdef USE_CACHEDB + OUTYY(("P(cachedb_no_store:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0); + #else + OUTYY(("P(Compiled without cachedb, ignoring)\n")); + #endif + free($2); + } + ; redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG { #if defined(USE_CACHEDB) && defined(USE_REDIS) @@ -3589,6 +3789,30 @@ redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG free($2); } ; +redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_path:%s)\n", $2)); + free(cfg_parser->cfg->redis_server_path); + cfg_parser->cfg->redis_server_path = $2; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free($2); + #endif + } + ; +redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_password:%s)\n", $2)); + free(cfg_parser->cfg->redis_server_password); + cfg_parser->cfg->redis_server_password = $2; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free($2); + #endif + } + ; redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG { #if defined(USE_CACHEDB) && defined(USE_REDIS) @@ -3615,6 +3839,21 @@ redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG free($2); } ; +redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + int db; + OUTYY(("P(redis_logical_db:%s)\n", $2)); + db = atoi($2); + if((db == 0 && strcmp($2, "0") != 0) || db < 0) + yyerror("valid redis logical database index expected"); + else cfg_parser->cfg->redis_logical_db = db; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + #endif + free($2); + } + ; server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3)); @@ -3626,9 +3865,35 @@ server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG } } ; +server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG + { + OUTYY(("P(server_answer_cookie:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0); + free($2); + } + ; +server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG + { + uint8_t secret[32]; + size_t secret_len = sizeof(secret); + + OUTYY(("P(server_cookie_secret:%s)\n", $2)); + if(sldns_str2wire_hex_buf($2, secret, &secret_len) + || (secret_len != 16)) + yyerror("expected 128 bit hex string"); + else { + cfg_parser->cfg->cookie_secret_len = secret_len; + memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret)); + } + free($2); + } + ; ipsetstart: VAR_IPSET { OUTYY(("\nP(ipset:)\n")); + cfg_parser->started_toplevel = 1; } ; contents_ipset: contents_ipset content_ipset @@ -3685,4 +3950,20 @@ validate_respip_action(const char* action) } } - +static void +validate_acl_action(const char* action) +{ + if(strcmp(action, "deny")!=0 && + strcmp(action, "refuse")!=0 && + strcmp(action, "deny_non_local")!=0 && + strcmp(action, "refuse_non_local")!=0 && + strcmp(action, "allow_setrd")!=0 && + strcmp(action, "allow")!=0 && + strcmp(action, "allow_snoop")!=0 && + strcmp(action, "allow_cookie")!=0) + { + yyerror("expected deny, refuse, deny_non_local, " + "refuse_non_local, allow, allow_setrd, " + "allow_snoop or allow_cookie as access control action"); + } +} |