aboutsummaryrefslogtreecommitdiff
path: root/contrib/unbound/util/configparser.y
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/unbound/util/configparser.y')
-rw-r--r--contrib/unbound/util/configparser.y349
1 files changed, 315 insertions, 34 deletions
diff --git a/contrib/unbound/util/configparser.y b/contrib/unbound/util/configparser.y
index c23534019e5e..0e4cd5960a29 100644
--- a/contrib/unbound/util/configparser.y
+++ b/contrib/unbound/util/configparser.y
@@ -47,11 +47,13 @@
#include "util/configyyrename.h"
#include "util/config_file.h"
#include "util/net_help.h"
+#include "sldns/str2wire.h"
int ub_c_lex(void);
void ub_c_error(const char *message);
static void validate_respip_action(const char* action);
+static void validate_acl_action(const char* action);
/* these need to be global, otherwise they cannot be used inside yacc */
extern struct config_parser_state* cfg_parser;
@@ -72,9 +74,10 @@ extern struct config_parser_state* cfg_parser;
%token VAR_FORCE_TOPLEVEL
%token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
%token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
-%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
+%token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
%token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
%token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
+%token VAR_SOCK_QUEUE_TIMEOUT
%token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
%token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
%token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
@@ -122,6 +125,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
+%token VAR_NAT64_PREFIX
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
%token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
@@ -139,7 +143,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_DISABLE_DNSSEC_LAME_CHECK
%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
-%token VAR_OUTBOUND_MSG_RETRY
+%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
%token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
@@ -174,12 +178,14 @@ extern struct config_parser_state* cfg_parser;
%token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
%token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
%token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
-%token VAR_CACHEDB_REDISEXPIRERECORDS
+%token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD
+%token VAR_CACHEDB_REDISLOGICALDB
%token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
%token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
%token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
%token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
+%token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
%token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
%token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
%token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
@@ -190,6 +196,11 @@ extern struct config_parser_state* cfg_parser;
%token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
%token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
%token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
+%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
+%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
+%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
+%token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
+%token VAR_LOG_DESTADDR
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -204,22 +215,25 @@ toplevelvar: serverstart contents_server | stubstart contents_stub |
force_toplevel: VAR_FORCE_TOPLEVEL
{
OUTYY(("\nP(force-toplevel)\n"));
+ cfg_parser->started_toplevel = 0;
}
;
/* server: declaration */
serverstart: VAR_SERVER
{
OUTYY(("\nP(server:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_server: contents_server content_server
| ;
content_server: server_num_threads | server_verbosity | server_port |
server_outgoing_range | server_do_ip4 |
- server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
- server_do_udp | server_do_tcp |
+ server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
+ server_prefer_ip6 | server_do_udp | server_do_tcp |
server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
server_tcp_keepalive | server_tcp_keepalive_timeout |
+ server_sock_queue_timeout |
server_interface | server_chroot | server_username |
server_directory | server_logfile | server_pidfile |
server_msg_cache_size | server_msg_cache_slabs |
@@ -267,6 +281,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_so_reuseport | server_delay_close | server_udp_connect |
server_unblock_lan_zones | server_insecure_lan_zones |
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
+ server_nat64_prefix |
server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
server_ip_dscp | server_infra_keep_probing |
@@ -276,6 +291,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_ratelimit_below_domain | server_ratelimit_factor |
server_ip_ratelimit_factor | server_ratelimit_backoff |
server_ip_ratelimit_backoff | server_outbound_msg_retry |
+ server_max_sent_count | server_max_query_restarts |
server_send_client_subnet | server_client_subnet_zone |
server_client_subnet_always_forward | server_client_subnet_opcode |
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
@@ -287,13 +303,15 @@ content_server: server_num_threads | server_verbosity | server_port |
server_disable_dnssec_lame_check | server_access_control_tag |
server_local_zone_override | server_access_control_tag_action |
server_access_control_tag_data | server_access_control_view |
+ server_interface_action | server_interface_view | server_interface_tag |
+ server_interface_tag_action | server_interface_tag_data |
server_qname_minimisation_strict |
server_pad_responses | server_pad_responses_block_size |
server_pad_queries | server_pad_queries_block_size |
server_serve_expired |
server_serve_expired_ttl | server_serve_expired_ttl_reset |
server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
- server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
+ server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
server_log_identity | server_use_systemd |
server_response_ip_tag | server_response_ip | server_response_ip_data |
server_shm_enable | server_shm_key | server_fake_sha1 |
@@ -309,17 +327,21 @@ content_server: server_num_threads | server_verbosity | server_port |
server_unknown_server_time_limit | server_log_tag_queryreply |
server_stream_wait_size | server_tls_ciphers |
server_tls_ciphersuites | server_tls_session_ticket_keys |
+ server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
server_tls_use_sni | server_edns_client_string |
server_edns_client_string_opcode | server_nsid |
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
- server_interface_automatic_ports | server_ede
-
+ server_interface_automatic_ports | server_ede |
+ server_proxy_protocol_port | server_statistics_inhibit_zero |
+ server_harden_unknown_additional | server_disable_edns_do |
+ server_log_destaddr
;
stubstart: VAR_STUB_ZONE
{
struct config_stub* s;
OUTYY(("\nP(stub_zone:)\n"));
+ cfg_parser->started_toplevel = 1;
s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
if(s) {
s->next = cfg_parser->cfg->stubs;
@@ -338,6 +360,7 @@ forwardstart: VAR_FORWARD_ZONE
{
struct config_stub* s;
OUTYY(("\nP(forward_zone:)\n"));
+ cfg_parser->started_toplevel = 1;
s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
if(s) {
s->next = cfg_parser->cfg->forwards;
@@ -356,6 +379,7 @@ viewstart: VAR_VIEW
{
struct config_view* s;
OUTYY(("\nP(view:)\n"));
+ cfg_parser->started_toplevel = 1;
s = (struct config_view*)calloc(1, sizeof(struct config_view));
if(s) {
s->next = cfg_parser->cfg->views;
@@ -376,6 +400,7 @@ authstart: VAR_AUTH_ZONE
{
struct config_auth* s;
OUTYY(("\nP(auth_zone:)\n"));
+ cfg_parser->started_toplevel = 1;
s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
if(s) {
s->next = cfg_parser->cfg->auths;
@@ -473,7 +498,8 @@ rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
rpzstart: VAR_RPZ
{
struct config_auth* s;
- OUTYY(("\nP(rpz:)\n"));
+ OUTYY(("\nP(rpz:)\n"));
+ cfg_parser->started_toplevel = 1;
s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
if(s) {
s->next = cfg_parser->cfg->auths;
@@ -488,7 +514,7 @@ rpzstart: VAR_RPZ
}
}
;
-contents_rpz: contents_rpz content_rpz
+contents_rpz: contents_rpz content_rpz
| ;
content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
auth_allow_notify | rpz_action_override | rpz_cname_override |
@@ -541,6 +567,15 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
free($2);
}
;
+server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
+ {
+ OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
server_shm_enable: VAR_SHM_ENABLE STRING_ARG
{
OUTYY(("P(server_shm_enable:%s)\n", $2));
@@ -827,6 +862,15 @@ server_do_ip6: VAR_DO_IP6 STRING_ARG
free($2);
}
;
+server_do_nat64: VAR_DO_NAT64 STRING_ARG
+ {
+ OUTYY(("P(server_do_nat64:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
server_do_udp: VAR_DO_UDP STRING_ARG
{
OUTYY(("P(server_do_udp:%s)\n", $2));
@@ -949,6 +993,19 @@ server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
free($2);
}
;
+server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
+ {
+ OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
+ if(atoi($2) == 0 && strcmp($2, "0") != 0)
+ yyerror("number expected");
+ else if (atoi($2) > 6553500)
+ cfg_parser->cfg->sock_queue_timeout = 6553500;
+ else if (atoi($2) < 1)
+ cfg_parser->cfg->sock_queue_timeout = 0;
+ else cfg_parser->cfg->sock_queue_timeout = atoi($2);
+ free($2);
+ }
+ ;
server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
{
OUTYY(("P(server_tcp_upstream:%s)\n", $2));
@@ -1109,7 +1166,7 @@ server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
yyerror("expected yes or no.");
else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
free($2);
- }
+ };
server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
{
OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
@@ -1195,6 +1252,15 @@ server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
free($2);
}
;
+server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG
+ {
+ OUTYY(("P(server_log_destaddr:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->log_destaddr = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
{
OUTYY(("P(server_log_local_actions:%s)\n", $2));
@@ -1755,6 +1821,16 @@ server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
free($2);
}
;
+server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
+ {
+ OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->harden_unknown_additional =
+ (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
{
OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
@@ -1842,21 +1918,18 @@ server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
{
OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
- if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
- strcmp($3, "deny_non_local")!=0 &&
- strcmp($3, "refuse_non_local")!=0 &&
- strcmp($3, "allow_setrd")!=0 &&
- strcmp($3, "allow")!=0 &&
- strcmp($3, "allow_snoop")!=0) {
- yyerror("expected deny, refuse, deny_non_local, "
- "refuse_non_local, allow, allow_setrd or "
- "allow_snoop in access control action");
- free($2);
- free($3);
- } else {
- if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
- fatal_exit("out of memory adding acl");
- }
+ validate_acl_action($3);
+ if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
+ fatal_exit("out of memory adding acl");
+ }
+ ;
+server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
+ {
+ OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
+ validate_acl_action($3);
+ if(!cfg_str2list_insert(
+ &cfg_parser->cfg->interface_actions, $2, $3))
+ fatal_exit("out of memory adding acl");
}
;
server_module_conf: VAR_MODULE_CONF STRING_ARG
@@ -1999,6 +2072,15 @@ server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
free($2);
}
;
+server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
+ {
+ OUTYY(("P(server_disable_edns_do:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
{
OUTYY(("P(server_serve_expired:%s)\n", $2));
@@ -2149,6 +2231,7 @@ server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
(strcmp($2, "yes")==0);
free($2);
}
+ ;
server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
{
OUTYY(("P(server_key_cache_size:%s)\n", $2));
@@ -2186,6 +2269,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
&& strcmp($3, "typetransparent")!=0
&& strcmp($3, "always_transparent")!=0
+ && strcmp($3, "block_a")!=0
&& strcmp($3, "always_refuse")!=0
&& strcmp($3, "always_nxdomain")!=0
&& strcmp($3, "always_nodata")!=0
@@ -2198,7 +2282,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
yyerror("local-zone type: expected static, deny, "
"refuse, redirect, transparent, "
"typetransparent, inform, inform_deny, "
- "inform_redirect, always_transparent, "
+ "inform_redirect, always_transparent, block_a,"
"always_refuse, always_nxdomain, "
"always_nodata, always_deny, always_null, "
"noview, nodefault or ipset");
@@ -2313,6 +2397,13 @@ server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
fatal_exit("out of memory adding dns64-ignore-aaaa");
}
;
+server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
+ {
+ OUTYY(("P(nat64_prefix:%s)\n", $2));
+ free(cfg_parser->cfg->nat64_prefix);
+ cfg_parser->cfg->nat64_prefix = $2;
+ }
+ ;
server_define_tag: VAR_DEFINE_TAG STRING_ARG
{
char* p, *s = $2;
@@ -2414,6 +2505,60 @@ server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
}
}
;
+server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
+ {
+ size_t len = 0;
+ uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
+ &len);
+ free($3);
+ OUTYY(("P(server_interface_tag:%s)\n", $2));
+ if(!bitlist) {
+ yyerror("could not parse tags, (define-tag them first)");
+ free($2);
+ }
+ if(bitlist) {
+ if(!cfg_strbytelist_insert(
+ &cfg_parser->cfg->interface_tags,
+ $2, bitlist, len)) {
+ yyerror("out of memory");
+ free($2);
+ }
+ }
+ }
+ ;
+server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
+ {
+ OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
+ if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
+ $2, $3, $4)) {
+ yyerror("out of memory");
+ free($2);
+ free($3);
+ free($4);
+ }
+ }
+ ;
+server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
+ {
+ OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
+ if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
+ $2, $3, $4)) {
+ yyerror("out of memory");
+ free($2);
+ free($3);
+ free($4);
+ }
+ }
+ ;
+server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
+ {
+ OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
+ if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
+ $2, $3)) {
+ yyerror("out of memory");
+ }
+ }
+ ;
server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
{
size_t len = 0;
@@ -2444,6 +2589,15 @@ server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
free($2);
}
;
+server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
+ {
+ OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
+ if(atoi($2) == 0 && strcmp($2, "0") != 0)
+ yyerror("number expected");
+ else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
+ free($2);
+ }
+ ;
server_ratelimit: VAR_RATELIMIT STRING_ARG
{
OUTYY(("P(server_ratelimit:%s)\n", $2));
@@ -2572,6 +2726,24 @@ server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
free($2);
}
;
+server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
+ {
+ OUTYY(("P(server_max_sent_count:%s)\n", $2));
+ if(atoi($2) == 0 && strcmp($2, "0") != 0)
+ yyerror("number expected");
+ else cfg_parser->cfg->max_sent_count = atoi($2);
+ free($2);
+ }
+ ;
+server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
+ {
+ OUTYY(("P(server_max_query_restarts:%s)\n", $2));
+ if(atoi($2) == 0 && strcmp($2, "0") != 0)
+ yyerror("number expected");
+ else cfg_parser->cfg->max_query_restarts = atoi($2);
+ free($2);
+ }
+ ;
server_low_rtt: VAR_LOW_RTT STRING_ARG
{
OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
@@ -2621,7 +2793,7 @@ server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
OUTYY(("P(server_pad_responses:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
- else cfg_parser->cfg->pad_responses =
+ else cfg_parser->cfg->pad_responses =
(strcmp($2, "yes")==0);
free($2);
}
@@ -2640,7 +2812,7 @@ server_pad_queries: VAR_PAD_QUERIES STRING_ARG
OUTYY(("P(server_pad_queries:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
- else cfg_parser->cfg->pad_queries =
+ else cfg_parser->cfg->pad_queries =
(strcmp($2, "yes")==0);
free($2);
}
@@ -2761,6 +2933,13 @@ server_ede: VAR_EDE STRING_ARG
free($2);
}
;
+server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
+ {
+ OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
+ if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
+ yyerror("out of memory");
+ }
+ ;
stub_name: VAR_NAME STRING_ARG
{
OUTYY(("P(name:%s)\n", $2));
@@ -3103,6 +3282,7 @@ view_first: VAR_VIEW_FIRST STRING_ARG
rcstart: VAR_REMOTE_CONTROL
{
OUTYY(("\nP(remote-control:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_rc: contents_rc content_rc
@@ -3175,6 +3355,7 @@ rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
dtstart: VAR_DNSTAP
{
OUTYY(("\nP(dnstap:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_dt: contents_dt content_dt
@@ -3357,6 +3538,7 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES
pythonstart: VAR_PYTHON
{
OUTYY(("\nP(python:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_py: contents_py content_py
@@ -3369,9 +3551,11 @@ py_script: VAR_PYTHON_SCRIPT STRING_ARG
if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
yyerror("out of memory");
}
+ ;
dynlibstart: VAR_DYNLIB
- {
- OUTYY(("\nP(dynlib:)\n"));
+ {
+ OUTYY(("\nP(dynlib:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_dl: contents_dl content_dl
@@ -3384,6 +3568,7 @@ dl_file: VAR_DYNLIB_FILE STRING_ARG
if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
yyerror("out of memory");
}
+ ;
server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
{
OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
@@ -3421,6 +3606,7 @@ server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
dnscstart: VAR_DNSCRYPT
{
OUTYY(("\nP(dnscrypt:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_dnsc: contents_dnsc content_dnsc
@@ -3443,7 +3629,6 @@ dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
free($2);
}
;
-
dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
{
OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
@@ -3530,13 +3715,15 @@ dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
cachedbstart: VAR_CACHEDB
{
OUTYY(("\nP(cachedb:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_cachedb: contents_cachedb content_cachedb
| ;
content_cachedb: cachedb_backend_name | cachedb_secret_seed |
redis_server_host | redis_server_port | redis_timeout |
- redis_expire_records
+ redis_expire_records | redis_server_path | redis_server_password |
+ cachedb_no_store | redis_logical_db
;
cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
{
@@ -3562,6 +3749,19 @@ cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
#endif
}
;
+cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
+ {
+ #ifdef USE_CACHEDB
+ OUTYY(("P(cachedb_no_store:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
+ #else
+ OUTYY(("P(Compiled without cachedb, ignoring)\n"));
+ #endif
+ free($2);
+ }
+ ;
redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
@@ -3589,6 +3789,30 @@ redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
free($2);
}
;
+redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
+ {
+ #if defined(USE_CACHEDB) && defined(USE_REDIS)
+ OUTYY(("P(redis_server_path:%s)\n", $2));
+ free(cfg_parser->cfg->redis_server_path);
+ cfg_parser->cfg->redis_server_path = $2;
+ #else
+ OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
+ free($2);
+ #endif
+ }
+ ;
+redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
+ {
+ #if defined(USE_CACHEDB) && defined(USE_REDIS)
+ OUTYY(("P(redis_server_password:%s)\n", $2));
+ free(cfg_parser->cfg->redis_server_password);
+ cfg_parser->cfg->redis_server_password = $2;
+ #else
+ OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
+ free($2);
+ #endif
+ }
+ ;
redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
@@ -3615,6 +3839,21 @@ redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
free($2);
}
;
+redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
+ {
+ #if defined(USE_CACHEDB) && defined(USE_REDIS)
+ int db;
+ OUTYY(("P(redis_logical_db:%s)\n", $2));
+ db = atoi($2);
+ if((db == 0 && strcmp($2, "0") != 0) || db < 0)
+ yyerror("valid redis logical database index expected");
+ else cfg_parser->cfg->redis_logical_db = db;
+ #else
+ OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
+ #endif
+ free($2);
+ }
+ ;
server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
{
OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
@@ -3626,9 +3865,35 @@ server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
}
}
;
+server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
+ {
+ OUTYY(("P(server_answer_cookie:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
+server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
+ {
+ uint8_t secret[32];
+ size_t secret_len = sizeof(secret);
+
+ OUTYY(("P(server_cookie_secret:%s)\n", $2));
+ if(sldns_str2wire_hex_buf($2, secret, &secret_len)
+ || (secret_len != 16))
+ yyerror("expected 128 bit hex string");
+ else {
+ cfg_parser->cfg->cookie_secret_len = secret_len;
+ memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
+ }
+ free($2);
+ }
+ ;
ipsetstart: VAR_IPSET
{
OUTYY(("\nP(ipset:)\n"));
+ cfg_parser->started_toplevel = 1;
}
;
contents_ipset: contents_ipset content_ipset
@@ -3685,4 +3950,20 @@ validate_respip_action(const char* action)
}
}
-
+static void
+validate_acl_action(const char* action)
+{
+ if(strcmp(action, "deny")!=0 &&
+ strcmp(action, "refuse")!=0 &&
+ strcmp(action, "deny_non_local")!=0 &&
+ strcmp(action, "refuse_non_local")!=0 &&
+ strcmp(action, "allow_setrd")!=0 &&
+ strcmp(action, "allow")!=0 &&
+ strcmp(action, "allow_snoop")!=0 &&
+ strcmp(action, "allow_cookie")!=0)
+ {
+ yyerror("expected deny, refuse, deny_non_local, "
+ "refuse_non_local, allow, allow_setrd, "
+ "allow_snoop or allow_cookie as access control action");
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 03:43:11 +0000