1 /*
2 * configparser.y -- yacc grammar for unbound configuration files
3 *
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5 *
6 * Copyright (c) 2007, NLnet Labs. All rights reserved.
7 *
8 * This software is open source.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
16 *
17 * Redistributions in binary form must reproduce the above copyright notice,
18 * this list of conditions and the following disclaimer in the documentation
19 * and/or other materials provided with the distribution.
20 *
21 * Neither the name of the NLNET LABS nor the names of its contributors may
22 * be used to endorse or promote products derived from this software without
23 * specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 %{
39 #include "config.h"
40
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
51
52 int ub_c_lex(void);
53 void ub_c_error(const char *message);
54
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
57
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
60
61 #if 0
62 #define OUTYY(s) printf s /* used ONLY when debugging */
63 #else
64 #define OUTYY(s)
65 #endif
66
67 %}
68 %union {
69 char* str;
70 };
71
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_DNSTAP_SAMPLE_RATE
141 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
142 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
143 %token VAR_IP_DSCP
144 %token VAR_DISABLE_DNSSEC_LAME_CHECK
145 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
146 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
147 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
148 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
149 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
150 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
151 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
152 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
153 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
154 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
155 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
156 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
157 %token VAR_CACHE_MIN_NEGATIVE_TTL
158 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
159 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
160 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
161 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
162 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
163 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
164 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
165 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
166 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
167 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
168 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
169 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
170 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
171 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
172 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
173 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
174 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
175 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
176 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
177 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
178 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
179 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
180 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
181 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
182 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISREPLICAHOST
183 %token VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISREPLICAPORT
184 %token VAR_CACHEDB_REDISTIMEOUT VAR_CACHEDB_REDISREPLICATIMEOUT
185 %token VAR_CACHEDB_REDISEXPIRERECORDS
186 %token VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISREPLICAPATH
187 %token VAR_CACHEDB_REDISPASSWORD VAR_CACHEDB_REDISREPLICAPASSWORD
188 %token VAR_CACHEDB_REDISLOGICALDB VAR_CACHEDB_REDISREPLICALOGICALDB
189 %token VAR_CACHEDB_REDISCOMMANDTIMEOUT VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT
190 %token VAR_CACHEDB_REDISCONNECTTIMEOUT VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT
191 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
192 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
193 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
194 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
195 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
196 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
197 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
198 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
199 %token VAR_DISCARD_TIMEOUT VAR_WAIT_LIMIT VAR_WAIT_LIMIT_COOKIE
200 %token VAR_WAIT_LIMIT_NETBLOCK VAR_WAIT_LIMIT_COOKIE_NETBLOCK
201 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
202 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
203 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
204 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
205 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
206 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
207 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
208 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
209 %token VAR_DNS_ERROR_REPORTING
210 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
211 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
212 %token VAR_QUIC_PORT VAR_QUIC_SIZE
213 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
214 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
215 %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
216 %token VAR_COOKIE_SECRET_FILE VAR_ITER_SCRUB_NS VAR_ITER_SCRUB_CNAME
217 %token VAR_MAX_GLOBAL_QUOTA VAR_HARDEN_UNVERIFIED_GLUE VAR_LOG_TIME_ISO
218
219 %%
220 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
221 toplevelvar: serverstart contents_server | stub_clause |
222 forward_clause | pythonstart contents_py |
223 rcstart contents_rc | dtstart contents_dt | view_clause |
224 dnscstart contents_dnsc | cachedbstart contents_cachedb |
225 ipsetstart contents_ipset | authstart contents_auth |
226 rpzstart contents_rpz | dynlibstart contents_dl |
227 force_toplevel
228 ;
229 force_toplevel: VAR_FORCE_TOPLEVEL
230 {
231 OUTYY(("\nP(force-toplevel)\n"));
232 cfg_parser->started_toplevel = 0;
233 }
234 ;
235 /* server: declaration */
236 serverstart: VAR_SERVER
237 {
238 OUTYY(("\nP(server:)\n"));
239 cfg_parser->started_toplevel = 1;
240 }
241 ;
242 contents_server: contents_server content_server
243 | ;
244 content_server: server_num_threads | server_verbosity | server_port |
245 server_outgoing_range | server_do_ip4 |
246 server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
247 server_prefer_ip6 | server_do_udp | server_do_tcp |
248 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
249 server_tcp_keepalive | server_tcp_keepalive_timeout |
250 server_sock_queue_timeout |
251 server_interface | server_chroot | server_username |
252 server_directory | server_logfile | server_pidfile |
253 server_msg_cache_size | server_msg_cache_slabs |
254 server_num_queries_per_thread | server_rrset_cache_size |
255 server_rrset_cache_slabs | server_outgoing_num_tcp |
256 server_infra_host_ttl | server_infra_lame_ttl |
257 server_infra_cache_slabs | server_infra_cache_numhosts |
258 server_infra_cache_lame_size | server_target_fetch_policy |
259 server_harden_short_bufsize | server_harden_large_queries |
260 server_do_not_query_address | server_hide_identity |
261 server_hide_version | server_identity | server_version |
262 server_hide_http_user_agent | server_http_user_agent |
263 server_harden_glue | server_module_conf | server_trust_anchor_file |
264 server_trust_anchor | server_val_override_date | server_bogus_ttl |
265 server_val_clean_additional | server_val_permissive_mode |
266 server_incoming_num_tcp | server_msg_buffer_size |
267 server_key_cache_size | server_key_cache_slabs |
268 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
269 server_use_syslog | server_outgoing_interface | server_root_hints |
270 server_do_not_query_localhost | server_cache_max_ttl |
271 server_harden_dnssec_stripped | server_access_control |
272 server_local_zone | server_local_data | server_interface_automatic |
273 server_statistics_interval | server_do_daemonize |
274 server_use_caps_for_id | server_statistics_cumulative |
275 server_outgoing_port_permit | server_outgoing_port_avoid |
276 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
277 server_harden_referral_path | server_private_address |
278 server_private_domain | server_extended_statistics |
279 server_local_data_ptr | server_jostle_timeout |
280 server_unwanted_reply_threshold | server_log_time_ascii |
281 server_domain_insecure | server_val_sig_skew_min |
282 server_val_sig_skew_max | server_val_max_restart |
283 server_cache_min_ttl | server_val_log_level |
284 server_auto_trust_anchor_file | server_add_holddown |
285 server_del_holddown | server_keep_missing | server_so_rcvbuf |
286 server_edns_buffer_size | server_prefetch | server_prefetch_key |
287 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
288 server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
289 server_log_local_actions |
290 server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
291 server_https_port | server_http_endpoint | server_http_max_streams |
292 server_http_query_buffer_size | server_http_response_buffer_size |
293 server_http_nodelay | server_http_notls_downstream |
294 server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
295 server_so_reuseport | server_delay_close | server_udp_connect |
296 server_unblock_lan_zones | server_insecure_lan_zones |
297 server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
298 server_nat64_prefix |
299 server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
300 server_ip_transparent | server_ip_ratelimit | server_ratelimit |
301 server_ip_dscp | server_infra_keep_probing |
302 server_ip_ratelimit_slabs | server_ratelimit_slabs |
303 server_ip_ratelimit_size | server_ratelimit_size |
304 server_ratelimit_for_domain |
305 server_ratelimit_below_domain | server_ratelimit_factor |
306 server_ip_ratelimit_factor | server_ratelimit_backoff |
307 server_ip_ratelimit_backoff | server_outbound_msg_retry |
308 server_max_sent_count | server_max_query_restarts |
309 server_send_client_subnet | server_client_subnet_zone |
310 server_client_subnet_always_forward | server_client_subnet_opcode |
311 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
312 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
313 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
314 server_caps_whitelist | server_cache_max_negative_ttl |
315 server_cache_min_negative_ttl |
316 server_permit_small_holddown | server_qname_minimisation |
317 server_ip_freebind | server_define_tag | server_local_zone_tag |
318 server_disable_dnssec_lame_check | server_access_control_tag |
319 server_local_zone_override | server_access_control_tag_action |
320 server_access_control_tag_data | server_access_control_view |
321 server_interface_action | server_interface_view | server_interface_tag |
322 server_interface_tag_action | server_interface_tag_data |
323 server_qname_minimisation_strict |
324 server_pad_responses | server_pad_responses_block_size |
325 server_pad_queries | server_pad_queries_block_size |
326 server_serve_expired |
327 server_serve_expired_ttl | server_serve_expired_ttl_reset |
328 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
329 server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
330 server_log_identity | server_use_systemd |
331 server_response_ip_tag | server_response_ip | server_response_ip_data |
332 server_shm_enable | server_shm_key | server_fake_sha1 |
333 server_hide_trustanchor | server_trust_anchor_signaling |
334 server_root_key_sentinel |
335 server_ipsecmod_enabled | server_ipsecmod_hook |
336 server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
337 server_ipsecmod_whitelist | server_ipsecmod_strict |
338 server_udp_upstream_without_downstream | server_aggressive_nsec |
339 server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
340 server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
341 server_tcp_connection_limit | server_log_servfail | server_deny_any |
342 server_unknown_server_time_limit | server_log_tag_queryreply |
343 server_discard_timeout | server_wait_limit | server_wait_limit_cookie |
344 server_wait_limit_netblock | server_wait_limit_cookie_netblock |
345 server_stream_wait_size | server_tls_ciphers |
346 server_tls_ciphersuites | server_tls_session_ticket_keys |
347 server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
348 server_tls_use_sni | server_edns_client_string |
349 server_edns_client_string_opcode | server_nsid |
350 server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
351 server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
352 server_quic_port | server_quic_size |
353 server_interface_automatic_ports | server_ede |
354 server_dns_error_reporting |
355 server_proxy_protocol_port | server_statistics_inhibit_zero |
356 server_harden_unknown_additional | server_disable_edns_do |
357 server_log_destaddr | server_cookie_secret_file |
358 server_iter_scrub_ns | server_iter_scrub_cname | server_max_global_quota |
359 server_harden_unverified_glue | server_log_time_iso
360 ;
361 stub_clause: stubstart contents_stub
362 {
363 /* stub end */
364 if(cfg_parser->cfg->stubs &&
365 !cfg_parser->cfg->stubs->name)
366 yyerror("stub-zone without name");
367 }
368 ;
369 stubstart: VAR_STUB_ZONE
370 {
371 struct config_stub* s;
372 OUTYY(("\nP(stub_zone:)\n"));
373 cfg_parser->started_toplevel = 1;
374 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
375 if(s) {
376 s->next = cfg_parser->cfg->stubs;
377 cfg_parser->cfg->stubs = s;
378 } else {
379 yyerror("out of memory");
380 }
381 }
382 ;
383 contents_stub: contents_stub content_stub
384 | ;
385 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
386 stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
387 ;
388 forward_clause: forwardstart contents_forward
389 {
390 /* forward end */
391 if(cfg_parser->cfg->forwards &&
392 !cfg_parser->cfg->forwards->name)
393 yyerror("forward-zone without name");
394 }
395 ;
396 forwardstart: VAR_FORWARD_ZONE
397 {
398 struct config_stub* s;
399 OUTYY(("\nP(forward_zone:)\n"));
400 cfg_parser->started_toplevel = 1;
401 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
402 if(s) {
403 s->next = cfg_parser->cfg->forwards;
404 cfg_parser->cfg->forwards = s;
405 } else {
406 yyerror("out of memory");
407 }
408 }
409 ;
410 contents_forward: contents_forward content_forward
411 | ;
412 content_forward: forward_name | forward_host | forward_addr | forward_first |
413 forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
414 ;
415 view_clause: viewstart contents_view
416 {
417 /* view end */
418 if(cfg_parser->cfg->views &&
419 !cfg_parser->cfg->views->name)
420 yyerror("view without name");
421 }
422 ;
423 viewstart: VAR_VIEW
424 {
425 struct config_view* s;
426 OUTYY(("\nP(view:)\n"));
427 cfg_parser->started_toplevel = 1;
428 s = (struct config_view*)calloc(1, sizeof(struct config_view));
429 if(s) {
430 s->next = cfg_parser->cfg->views;
431 cfg_parser->cfg->views = s;
432 } else {
433 yyerror("out of memory");
434 }
435 }
436 ;
437 contents_view: contents_view content_view
438 | ;
439 content_view: view_name | view_local_zone | view_local_data | view_first |
440 view_response_ip | view_response_ip_data | view_local_data_ptr
441 ;
442 authstart: VAR_AUTH_ZONE
443 {
444 struct config_auth* s;
445 OUTYY(("\nP(auth_zone:)\n"));
446 cfg_parser->started_toplevel = 1;
447 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
448 if(s) {
449 s->next = cfg_parser->cfg->auths;
450 cfg_parser->cfg->auths = s;
451 /* defaults for auth zone */
452 s->for_downstream = 1;
453 s->for_upstream = 1;
454 s->fallback_enabled = 0;
455 s->zonemd_check = 0;
456 s->zonemd_reject_absence = 0;
457 s->isrpz = 0;
458 } else {
459 yyerror("out of memory");
460 }
461 }
462 ;
463 contents_auth: contents_auth content_auth
464 | ;
465 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
466 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
467 auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
468 ;
469
470 rpz_tag: VAR_TAGS STRING_ARG
471 {
472 uint8_t* bitlist;
473 size_t len = 0;
474 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
475 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
476 &len);
477 free($2);
478 if(!bitlist) {
479 yyerror("could not parse tags, (define-tag them first)");
480 }
481 if(bitlist) {
482 cfg_parser->cfg->auths->rpz_taglist = bitlist;
483 cfg_parser->cfg->auths->rpz_taglistlen = len;
484
485 }
486 }
487 ;
488
489 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
490 {
491 OUTYY(("P(rpz_action_override:%s)\n", $2));
492 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
493 strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
494 strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
495 yyerror("rpz-action-override action: expected nxdomain, "
496 "nodata, passthru, drop, cname or disabled");
497 free($2);
498 cfg_parser->cfg->auths->rpz_action_override = NULL;
499 }
500 else {
501 cfg_parser->cfg->auths->rpz_action_override = $2;
502 }
503 }
504 ;
505
506 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
507 {
508 OUTYY(("P(rpz_cname_override:%s)\n", $2));
509 free(cfg_parser->cfg->auths->rpz_cname);
510 cfg_parser->cfg->auths->rpz_cname = $2;
511 }
512 ;
513
514 rpz_log: VAR_RPZ_LOG STRING_ARG
515 {
516 OUTYY(("P(rpz_log:%s)\n", $2));
517 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
518 yyerror("expected yes or no.");
519 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
520 free($2);
521 }
522 ;
523
524 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
525 {
526 OUTYY(("P(rpz_log_name:%s)\n", $2));
527 free(cfg_parser->cfg->auths->rpz_log_name);
528 cfg_parser->cfg->auths->rpz_log_name = $2;
529 }
530 ;
531 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
532 {
533 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
534 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
535 yyerror("expected yes or no.");
536 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
537 free($2);
538 }
539 ;
540
541 rpzstart: VAR_RPZ
542 {
543 struct config_auth* s;
544 OUTYY(("\nP(rpz:)\n"));
545 cfg_parser->started_toplevel = 1;
546 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
547 if(s) {
548 s->next = cfg_parser->cfg->auths;
549 cfg_parser->cfg->auths = s;
550 /* defaults for RPZ auth zone */
551 s->for_downstream = 0;
552 s->for_upstream = 0;
553 s->fallback_enabled = 0;
554 s->isrpz = 1;
555 } else {
556 yyerror("out of memory");
557 }
558 }
559 ;
560 contents_rpz: contents_rpz content_rpz
561 | ;
562 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
563 auth_allow_notify | rpz_action_override | rpz_cname_override |
564 rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
565 ;
566 server_num_threads: VAR_NUM_THREADS STRING_ARG
567 {
568 OUTYY(("P(server_num_threads:%s)\n", $2));
569 if(atoi($2) == 0 && strcmp($2, "0") != 0)
570 yyerror("number expected");
571 else cfg_parser->cfg->num_threads = atoi($2);
572 free($2);
573 }
574 ;
575 server_verbosity: VAR_VERBOSITY STRING_ARG
576 {
577 OUTYY(("P(server_verbosity:%s)\n", $2));
578 if(atoi($2) == 0 && strcmp($2, "0") != 0)
579 yyerror("number expected");
580 else cfg_parser->cfg->verbosity = atoi($2);
581 free($2);
582 }
583 ;
584 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
585 {
586 OUTYY(("P(server_statistics_interval:%s)\n", $2));
587 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
588 cfg_parser->cfg->stat_interval = 0;
589 else if(atoi($2) == 0)
590 yyerror("number expected");
591 else cfg_parser->cfg->stat_interval = atoi($2);
592 free($2);
593 }
594 ;
595 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
596 {
597 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
598 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
599 yyerror("expected yes or no.");
600 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
601 free($2);
602 }
603 ;
604 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
605 {
606 OUTYY(("P(server_extended_statistics:%s)\n", $2));
607 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
608 yyerror("expected yes or no.");
609 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
610 free($2);
611 }
612 ;
613 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
614 {
615 OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
616 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
617 yyerror("expected yes or no.");
618 else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
619 free($2);
620 }
621 ;
622 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
623 {
624 OUTYY(("P(server_shm_enable:%s)\n", $2));
625 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
626 yyerror("expected yes or no.");
627 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
628 free($2);
629 }
630 ;
631 server_shm_key: VAR_SHM_KEY STRING_ARG
632 {
633 OUTYY(("P(server_shm_key:%s)\n", $2));
634 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
635 cfg_parser->cfg->shm_key = 0;
636 else if(atoi($2) == 0)
637 yyerror("number expected");
638 else cfg_parser->cfg->shm_key = atoi($2);
639 free($2);
640 }
641 ;
642 server_port: VAR_PORT STRING_ARG
643 {
644 OUTYY(("P(server_port:%s)\n", $2));
645 if(atoi($2) == 0)
646 yyerror("port number expected");
647 else cfg_parser->cfg->port = atoi($2);
648 free($2);
649 }
650 ;
651 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
652 {
653 #ifdef CLIENT_SUBNET
654 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
655 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
656 fatal_exit("out of memory adding client-subnet");
657 #else
658 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
659 free($2);
660 #endif
661 }
662 ;
663 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
664 {
665 #ifdef CLIENT_SUBNET
666 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
667 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
668 $2))
669 fatal_exit("out of memory adding client-subnet-zone");
670 #else
671 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
672 free($2);
673 #endif
674 }
675 ;
676 server_client_subnet_always_forward:
677 VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
678 {
679 #ifdef CLIENT_SUBNET
680 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
681 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
682 yyerror("expected yes or no.");
683 else
684 cfg_parser->cfg->client_subnet_always_forward =
685 (strcmp($2, "yes")==0);
686 #else
687 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
688 #endif
689 free($2);
690 }
691 ;
692 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
693 {
694 #ifdef CLIENT_SUBNET
695 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
696 OUTYY(("P(Deprecated option, ignoring)\n"));
697 #else
698 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
699 #endif
700 free($2);
701 }
702 ;
703 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
704 {
705 #ifdef CLIENT_SUBNET
706 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
707 if(atoi($2) == 0 && strcmp($2, "0") != 0)
708 yyerror("IPv4 subnet length expected");
709 else if (atoi($2) > 32)
710 cfg_parser->cfg->max_client_subnet_ipv4 = 32;
711 else if (atoi($2) < 0)
712 cfg_parser->cfg->max_client_subnet_ipv4 = 0;
713 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
714 #else
715 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
716 #endif
717 free($2);
718 }
719 ;
720 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
721 {
722 #ifdef CLIENT_SUBNET
723 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
724 if(atoi($2) == 0 && strcmp($2, "0") != 0)
725 yyerror("Ipv6 subnet length expected");
726 else if (atoi($2) > 128)
727 cfg_parser->cfg->max_client_subnet_ipv6 = 128;
728 else if (atoi($2) < 0)
729 cfg_parser->cfg->max_client_subnet_ipv6 = 0;
730 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
731 #else
732 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
733 #endif
734 free($2);
735 }
736 ;
737 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
738 {
739 #ifdef CLIENT_SUBNET
740 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
741 if(atoi($2) == 0 && strcmp($2, "0") != 0)
742 yyerror("IPv4 subnet length expected");
743 else if (atoi($2) > 32)
744 cfg_parser->cfg->min_client_subnet_ipv4 = 32;
745 else if (atoi($2) < 0)
746 cfg_parser->cfg->min_client_subnet_ipv4 = 0;
747 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
748 #else
749 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
750 #endif
751 free($2);
752 }
753 ;
754 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
755 {
756 #ifdef CLIENT_SUBNET
757 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
758 if(atoi($2) == 0 && strcmp($2, "0") != 0)
759 yyerror("Ipv6 subnet length expected");
760 else if (atoi($2) > 128)
761 cfg_parser->cfg->min_client_subnet_ipv6 = 128;
762 else if (atoi($2) < 0)
763 cfg_parser->cfg->min_client_subnet_ipv6 = 0;
764 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
765 #else
766 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
767 #endif
768 free($2);
769 }
770 ;
771 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
772 {
773 #ifdef CLIENT_SUBNET
774 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
775 if(atoi($2) == 0 && strcmp($2, "0") != 0)
776 yyerror("IPv4 ECS tree size expected");
777 else if (atoi($2) < 0)
778 cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
779 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
780 #else
781 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
782 #endif
783 free($2);
784 }
785 ;
786 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
787 {
788 #ifdef CLIENT_SUBNET
789 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
790 if(atoi($2) == 0 && strcmp($2, "0") != 0)
791 yyerror("IPv6 ECS tree size expected");
792 else if (atoi($2) < 0)
793 cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
794 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
795 #else
796 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
797 #endif
798 free($2);
799 }
800 ;
801 server_interface: VAR_INTERFACE STRING_ARG
802 {
803 OUTYY(("P(server_interface:%s)\n", $2));
804 if(cfg_parser->cfg->num_ifs == 0)
805 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
806 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
807 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
808 if(!cfg_parser->cfg->ifs)
809 yyerror("out of memory");
810 else
811 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
812 }
813 ;
814 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
815 {
816 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
817 if(cfg_parser->cfg->num_out_ifs == 0)
818 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
819 else cfg_parser->cfg->out_ifs = realloc(
820 cfg_parser->cfg->out_ifs,
821 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
822 if(!cfg_parser->cfg->out_ifs)
823 yyerror("out of memory");
824 else
825 cfg_parser->cfg->out_ifs[
826 cfg_parser->cfg->num_out_ifs++] = $2;
827 }
828 ;
829 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
830 {
831 OUTYY(("P(server_outgoing_range:%s)\n", $2));
832 if(atoi($2) == 0)
833 yyerror("number expected");
834 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
835 free($2);
836 }
837 ;
838 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
839 {
840 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
841 if(!cfg_mark_ports($2, 1,
842 cfg_parser->cfg->outgoing_avail_ports, 65536))
843 yyerror("port number or range (\"low-high\") expected");
844 free($2);
845 }
846 ;
847 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
848 {
849 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
850 if(!cfg_mark_ports($2, 0,
851 cfg_parser->cfg->outgoing_avail_ports, 65536))
852 yyerror("port number or range (\"low-high\") expected");
853 free($2);
854 }
855 ;
856 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
857 {
858 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
859 if(atoi($2) == 0 && strcmp($2, "0") != 0)
860 yyerror("number expected");
861 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
862 free($2);
863 }
864 ;
865 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
866 {
867 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
868 if(atoi($2) == 0 && strcmp($2, "0") != 0)
869 yyerror("number expected");
870 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
871 free($2);
872 }
873 ;
874 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
875 {
876 OUTYY(("P(server_interface_automatic:%s)\n", $2));
877 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
878 yyerror("expected yes or no.");
879 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
880 free($2);
881 }
882 ;
883 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
884 {
885 OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
886 free(cfg_parser->cfg->if_automatic_ports);
887 cfg_parser->cfg->if_automatic_ports = $2;
888 }
889 ;
890 server_do_ip4: VAR_DO_IP4 STRING_ARG
891 {
892 OUTYY(("P(server_do_ip4:%s)\n", $2));
893 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
894 yyerror("expected yes or no.");
895 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
896 free($2);
897 }
898 ;
899 server_do_ip6: VAR_DO_IP6 STRING_ARG
900 {
901 OUTYY(("P(server_do_ip6:%s)\n", $2));
902 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
903 yyerror("expected yes or no.");
904 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
905 free($2);
906 }
907 ;
908 server_do_nat64: VAR_DO_NAT64 STRING_ARG
909 {
910 OUTYY(("P(server_do_nat64:%s)\n", $2));
911 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
912 yyerror("expected yes or no.");
913 else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
914 free($2);
915 }
916 ;
917 server_do_udp: VAR_DO_UDP STRING_ARG
918 {
919 OUTYY(("P(server_do_udp:%s)\n", $2));
920 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
921 yyerror("expected yes or no.");
922 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
923 free($2);
924 }
925 ;
926 server_do_tcp: VAR_DO_TCP STRING_ARG
927 {
928 OUTYY(("P(server_do_tcp:%s)\n", $2));
929 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
930 yyerror("expected yes or no.");
931 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
932 free($2);
933 }
934 ;
935 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
936 {
937 OUTYY(("P(server_prefer_ip4:%s)\n", $2));
938 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
939 yyerror("expected yes or no.");
940 else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
941 free($2);
942 }
943 ;
944 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
945 {
946 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
947 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
948 yyerror("expected yes or no.");
949 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
950 free($2);
951 }
952 ;
953 server_tcp_mss: VAR_TCP_MSS STRING_ARG
954 {
955 OUTYY(("P(server_tcp_mss:%s)\n", $2));
956 if(atoi($2) == 0 && strcmp($2, "0") != 0)
957 yyerror("number expected");
958 else cfg_parser->cfg->tcp_mss = atoi($2);
959 free($2);
960 }
961 ;
962 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
963 {
964 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
965 if(atoi($2) == 0 && strcmp($2, "0") != 0)
966 yyerror("number expected");
967 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
968 free($2);
969 }
970 ;
971 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
972 {
973 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
974 if(atoi($2) == 0 && strcmp($2, "0") != 0)
975 yyerror("number expected");
976 else if (atoi($2) > 120000)
977 cfg_parser->cfg->tcp_idle_timeout = 120000;
978 else if (atoi($2) < 1)
979 cfg_parser->cfg->tcp_idle_timeout = 1;
980 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
981 free($2);
982 }
983 ;
984 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
985 {
986 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
987 if(atoi($2) == 0 && strcmp($2, "0") != 0)
988 yyerror("number expected");
989 else if (atoi($2) < 1)
990 cfg_parser->cfg->max_reuse_tcp_queries = 0;
991 else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
992 free($2);
993 }
994 ;
995 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
996 {
997 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
998 if(atoi($2) == 0 && strcmp($2, "0") != 0)
999 yyerror("number expected");
1000 else if (atoi($2) < 1)
1001 cfg_parser->cfg->tcp_reuse_timeout = 0;
1002 else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
1003 free($2);
1004 }
1005 ;
1006 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
1007 {
1008 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
1009 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1010 yyerror("number expected");
1011 else if (atoi($2) < 1)
1012 cfg_parser->cfg->tcp_auth_query_timeout = 0;
1013 else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
1014 free($2);
1015 }
1016 ;
1017 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
1018 {
1019 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
1020 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1021 yyerror("expected yes or no.");
1022 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
1023 free($2);
1024 }
1025 ;
1026 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
1027 {
1028 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
1029 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1030 yyerror("number expected");
1031 else if (atoi($2) > 6553500)
1032 cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
1033 else if (atoi($2) < 1)
1034 cfg_parser->cfg->tcp_keepalive_timeout = 0;
1035 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
1036 free($2);
1037 }
1038 ;
1039 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
1040 {
1041 OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
1042 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1043 yyerror("number expected");
1044 else if (atoi($2) > 6553500)
1045 cfg_parser->cfg->sock_queue_timeout = 6553500;
1046 else if (atoi($2) < 1)
1047 cfg_parser->cfg->sock_queue_timeout = 0;
1048 else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1049 free($2);
1050 }
1051 ;
1052 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1053 {
1054 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1055 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1056 yyerror("expected yes or no.");
1057 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1058 free($2);
1059 }
1060 ;
1061 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1062 {
1063 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1064 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1065 yyerror("expected yes or no.");
1066 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1067 free($2);
1068 }
1069 ;
1070 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1071 {
1072 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1073 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1074 yyerror("expected yes or no.");
1075 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1076 free($2);
1077 }
1078 ;
1079 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1080 {
1081 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1082 free(cfg_parser->cfg->ssl_service_key);
1083 cfg_parser->cfg->ssl_service_key = $2;
1084 }
1085 ;
1086 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1087 {
1088 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1089 free(cfg_parser->cfg->ssl_service_pem);
1090 cfg_parser->cfg->ssl_service_pem = $2;
1091 }
1092 ;
1093 server_ssl_port: VAR_SSL_PORT STRING_ARG
1094 {
1095 OUTYY(("P(server_ssl_port:%s)\n", $2));
1096 if(atoi($2) == 0)
1097 yyerror("port number expected");
1098 else cfg_parser->cfg->ssl_port = atoi($2);
1099 free($2);
1100 }
1101 ;
1102 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1103 {
1104 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1105 free(cfg_parser->cfg->tls_cert_bundle);
1106 cfg_parser->cfg->tls_cert_bundle = $2;
1107 }
1108 ;
1109 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1110 {
1111 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1112 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1113 yyerror("expected yes or no.");
1114 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1115 free($2);
1116 }
1117 ;
1118 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1119 {
1120 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1121 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1122 $2))
1123 yyerror("out of memory");
1124 }
1125 ;
1126 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1127 {
1128 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1129 free(cfg_parser->cfg->tls_ciphers);
1130 cfg_parser->cfg->tls_ciphers = $2;
1131 }
1132 ;
1133 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1134 {
1135 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1136 free(cfg_parser->cfg->tls_ciphersuites);
1137 cfg_parser->cfg->tls_ciphersuites = $2;
1138 }
1139 ;
1140 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1141 {
1142 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1143 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1144 $2))
1145 yyerror("out of memory");
1146 }
1147 ;
1148 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1149 {
1150 OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1151 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1152 yyerror("expected yes or no.");
1153 else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1154 free($2);
1155 }
1156 ;
1157 server_https_port: VAR_HTTPS_PORT STRING_ARG
1158 {
1159 OUTYY(("P(server_https_port:%s)\n", $2));
1160 if(atoi($2) == 0)
1161 yyerror("port number expected");
1162 else cfg_parser->cfg->https_port = atoi($2);
1163 free($2);
1164 };
1165 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1166 {
1167 OUTYY(("P(server_http_endpoint:%s)\n", $2));
1168 free(cfg_parser->cfg->http_endpoint);
1169 if($2 && $2[0] != '/') {
1170 cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1171 if(!cfg_parser->cfg->http_endpoint)
1172 yyerror("out of memory");
1173 cfg_parser->cfg->http_endpoint[0] = '/';
1174 memmove(cfg_parser->cfg->http_endpoint+1, $2,
1175 strlen($2)+1);
1176 free($2);
1177 } else {
1178 cfg_parser->cfg->http_endpoint = $2;
1179 }
1180 };
1181 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1182 {
1183 OUTYY(("P(server_http_max_streams:%s)\n", $2));
1184 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1185 yyerror("number expected");
1186 else cfg_parser->cfg->http_max_streams = atoi($2);
1187 free($2);
1188 };
1189 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1190 {
1191 OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1192 if(!cfg_parse_memsize($2,
1193 &cfg_parser->cfg->http_query_buffer_size))
1194 yyerror("memory size expected");
1195 free($2);
1196 };
1197 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1198 {
1199 OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1200 if(!cfg_parse_memsize($2,
1201 &cfg_parser->cfg->http_response_buffer_size))
1202 yyerror("memory size expected");
1203 free($2);
1204 };
1205 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1206 {
1207 OUTYY(("P(server_http_nodelay:%s)\n", $2));
1208 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1209 yyerror("expected yes or no.");
1210 else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1211 free($2);
1212 };
1213 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1214 {
1215 OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1216 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1217 yyerror("expected yes or no.");
1218 else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1219 free($2);
1220 };
1221 server_quic_port: VAR_QUIC_PORT STRING_ARG
1222 {
1223 OUTYY(("P(server_quic_port:%s)\n", $2));
1224 #ifndef HAVE_NGTCP2
1225 log_warn("%s:%d: Unbound is not compiled with "
1226 "ngtcp2. This is required to use DNS "
1227 "over QUIC.", cfg_parser->filename, cfg_parser->line);
1228 #endif
1229 if(atoi($2) == 0)
1230 yyerror("port number expected");
1231 else cfg_parser->cfg->quic_port = atoi($2);
1232 free($2);
1233 };
1234 server_quic_size: VAR_QUIC_SIZE STRING_ARG
1235 {
1236 OUTYY(("P(server_quic_size:%s)\n", $2));
1237 if(!cfg_parse_memsize($2, &cfg_parser->cfg->quic_size))
1238 yyerror("memory size expected");
1239 free($2);
1240 };
1241 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1242 {
1243 OUTYY(("P(server_use_systemd:%s)\n", $2));
1244 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1245 yyerror("expected yes or no.");
1246 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1247 free($2);
1248 }
1249 ;
1250 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1251 {
1252 OUTYY(("P(server_do_daemonize:%s)\n", $2));
1253 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1254 yyerror("expected yes or no.");
1255 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1256 free($2);
1257 }
1258 ;
1259 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1260 {
1261 OUTYY(("P(server_use_syslog:%s)\n", $2));
1262 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1263 yyerror("expected yes or no.");
1264 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1265 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1266 if(strcmp($2, "yes") == 0)
1267 yyerror("no syslog services are available. "
1268 "(reconfigure and compile to add)");
1269 #endif
1270 free($2);
1271 }
1272 ;
1273 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1274 {
1275 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1276 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1277 yyerror("expected yes or no.");
1278 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1279 free($2);
1280 }
1281 ;
1282 server_log_time_iso: VAR_LOG_TIME_ISO STRING_ARG
1283 {
1284 OUTYY(("P(server_log_time_iso:%s)\n", $2));
1285 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1286 yyerror("expected yes or no.");
1287 else cfg_parser->cfg->log_time_iso = (strcmp($2, "yes")==0);
1288 free($2);
1289 }
1290 ;
1291 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1292 {
1293 OUTYY(("P(server_log_queries:%s)\n", $2));
1294 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1295 yyerror("expected yes or no.");
1296 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1297 free($2);
1298 }
1299 ;
1300 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1301 {
1302 OUTYY(("P(server_log_replies:%s)\n", $2));
1303 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1304 yyerror("expected yes or no.");
1305 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1306 free($2);
1307 }
1308 ;
1309 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1310 {
1311 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1312 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1313 yyerror("expected yes or no.");
1314 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1315 free($2);
1316 }
1317 ;
1318 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1319 {
1320 OUTYY(("P(server_log_servfail:%s)\n", $2));
1321 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1322 yyerror("expected yes or no.");
1323 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1324 free($2);
1325 }
1326 ;
1327 server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG
1328 {
1329 OUTYY(("P(server_log_destaddr:%s)\n", $2));
1330 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1331 yyerror("expected yes or no.");
1332 else cfg_parser->cfg->log_destaddr = (strcmp($2, "yes")==0);
1333 free($2);
1334 }
1335 ;
1336 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1337 {
1338 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1339 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1340 yyerror("expected yes or no.");
1341 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1342 free($2);
1343 }
1344 ;
1345 server_chroot: VAR_CHROOT STRING_ARG
1346 {
1347 OUTYY(("P(server_chroot:%s)\n", $2));
1348 free(cfg_parser->cfg->chrootdir);
1349 cfg_parser->cfg->chrootdir = $2;
1350 }
1351 ;
1352 server_username: VAR_USERNAME STRING_ARG
1353 {
1354 OUTYY(("P(server_username:%s)\n", $2));
1355 free(cfg_parser->cfg->username);
1356 cfg_parser->cfg->username = $2;
1357 }
1358 ;
1359 server_directory: VAR_DIRECTORY STRING_ARG
1360 {
1361 OUTYY(("P(server_directory:%s)\n", $2));
1362 free(cfg_parser->cfg->directory);
1363 cfg_parser->cfg->directory = $2;
1364 /* change there right away for includes relative to this */
1365 if($2[0]) {
1366 char* d;
1367 #ifdef UB_ON_WINDOWS
1368 w_config_adjust_directory(cfg_parser->cfg);
1369 #endif
1370 d = cfg_parser->cfg->directory;
1371 /* adjust directory if we have already chroot,
1372 * like, we reread after sighup */
1373 if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1374 strncmp(d, cfg_parser->chroot, strlen(
1375 cfg_parser->chroot)) == 0)
1376 d += strlen(cfg_parser->chroot);
1377 if(d[0]) {
1378 if(chdir(d))
1379 log_err("cannot chdir to directory: %s (%s)",
1380 d, strerror(errno));
1381 }
1382 }
1383 }
1384 ;
1385 server_logfile: VAR_LOGFILE STRING_ARG
1386 {
1387 OUTYY(("P(server_logfile:%s)\n", $2));
1388 free(cfg_parser->cfg->logfile);
1389 cfg_parser->cfg->logfile = $2;
1390 cfg_parser->cfg->use_syslog = 0;
1391 }
1392 ;
1393 server_pidfile: VAR_PIDFILE STRING_ARG
1394 {
1395 OUTYY(("P(server_pidfile:%s)\n", $2));
1396 free(cfg_parser->cfg->pidfile);
1397 cfg_parser->cfg->pidfile = $2;
1398 }
1399 ;
1400 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1401 {
1402 OUTYY(("P(server_root_hints:%s)\n", $2));
1403 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1404 yyerror("out of memory");
1405 }
1406 ;
1407 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1408 {
1409 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1410 log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1411 free($2);
1412 }
1413 ;
1414 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1415 {
1416 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1417 log_warn("option dlv-anchor ignored: DLV is decommissioned");
1418 free($2);
1419 }
1420 ;
1421 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1422 {
1423 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1424 if(!cfg_strlist_insert(&cfg_parser->cfg->
1425 auto_trust_anchor_file_list, $2))
1426 yyerror("out of memory");
1427 }
1428 ;
1429 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1430 {
1431 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1432 if(!cfg_strlist_insert(&cfg_parser->cfg->
1433 trust_anchor_file_list, $2))
1434 yyerror("out of memory");
1435 }
1436 ;
1437 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1438 {
1439 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1440 if(!cfg_strlist_insert(&cfg_parser->cfg->
1441 trusted_keys_file_list, $2))
1442 yyerror("out of memory");
1443 }
1444 ;
1445 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1446 {
1447 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1448 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1449 yyerror("out of memory");
1450 }
1451 ;
1452 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1453 {
1454 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1455 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1456 yyerror("expected yes or no.");
1457 else
1458 cfg_parser->cfg->trust_anchor_signaling =
1459 (strcmp($2, "yes")==0);
1460 free($2);
1461 }
1462 ;
1463 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1464 {
1465 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1466 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1467 yyerror("expected yes or no.");
1468 else
1469 cfg_parser->cfg->root_key_sentinel =
1470 (strcmp($2, "yes")==0);
1471 free($2);
1472 }
1473 ;
1474 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1475 {
1476 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1477 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1478 yyerror("out of memory");
1479 }
1480 ;
1481 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1482 {
1483 OUTYY(("P(server_hide_identity:%s)\n", $2));
1484 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1485 yyerror("expected yes or no.");
1486 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1487 free($2);
1488 }
1489 ;
1490 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1491 {
1492 OUTYY(("P(server_hide_version:%s)\n", $2));
1493 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1494 yyerror("expected yes or no.");
1495 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1496 free($2);
1497 }
1498 ;
1499 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1500 {
1501 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1502 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1503 yyerror("expected yes or no.");
1504 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1505 free($2);
1506 }
1507 ;
1508 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1509 {
1510 OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1511 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1512 yyerror("expected yes or no.");
1513 else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1514 free($2);
1515 }
1516 ;
1517 server_identity: VAR_IDENTITY STRING_ARG
1518 {
1519 OUTYY(("P(server_identity:%s)\n", $2));
1520 free(cfg_parser->cfg->identity);
1521 cfg_parser->cfg->identity = $2;
1522 }
1523 ;
1524 server_version: VAR_VERSION STRING_ARG
1525 {
1526 OUTYY(("P(server_version:%s)\n", $2));
1527 free(cfg_parser->cfg->version);
1528 cfg_parser->cfg->version = $2;
1529 }
1530 ;
1531 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1532 {
1533 OUTYY(("P(server_http_user_agent:%s)\n", $2));
1534 free(cfg_parser->cfg->http_user_agent);
1535 cfg_parser->cfg->http_user_agent = $2;
1536 }
1537 ;
1538 server_nsid: VAR_NSID STRING_ARG
1539 {
1540 OUTYY(("P(server_nsid:%s)\n", $2));
1541 free(cfg_parser->cfg->nsid_cfg_str);
1542 cfg_parser->cfg->nsid_cfg_str = $2;
1543 free(cfg_parser->cfg->nsid);
1544 cfg_parser->cfg->nsid = NULL;
1545 cfg_parser->cfg->nsid_len = 0;
1546 if (*$2 == 0)
1547 ; /* pass; empty string is not setting nsid */
1548 else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1549 $2, &cfg_parser->cfg->nsid_len)))
1550 yyerror("the NSID must be either a hex string or an "
1551 "ascii character string prepended with ascii_.");
1552 }
1553 ;
1554 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1555 {
1556 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1557 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1558 yyerror("buffer size expected");
1559 free($2);
1560 }
1561 ;
1562 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1563 {
1564 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1565 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1566 yyerror("buffer size expected");
1567 free($2);
1568 }
1569 ;
1570 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1571 {
1572 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1573 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1574 yyerror("expected yes or no.");
1575 else cfg_parser->cfg->so_reuseport =
1576 (strcmp($2, "yes")==0);
1577 free($2);
1578 }
1579 ;
1580 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1581 {
1582 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1583 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1584 yyerror("expected yes or no.");
1585 else cfg_parser->cfg->ip_transparent =
1586 (strcmp($2, "yes")==0);
1587 free($2);
1588 }
1589 ;
1590 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1591 {
1592 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1593 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1594 yyerror("expected yes or no.");
1595 else cfg_parser->cfg->ip_freebind =
1596 (strcmp($2, "yes")==0);
1597 free($2);
1598 }
1599 ;
1600 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1601 {
1602 OUTYY(("P(server_ip_dscp:%s)\n", $2));
1603 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1604 yyerror("number expected");
1605 else if (atoi($2) > 63)
1606 yyerror("value too large (max 63)");
1607 else if (atoi($2) < 0)
1608 yyerror("value too small (min 0)");
1609 else
1610 cfg_parser->cfg->ip_dscp = atoi($2);
1611 free($2);
1612 }
1613 ;
1614 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1615 {
1616 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1617 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1618 yyerror("memory size expected");
1619 free($2);
1620 }
1621 ;
1622 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1623 {
1624 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1625 if(atoi($2) == 0)
1626 yyerror("number expected");
1627 else if (atoi($2) < 12)
1628 yyerror("edns buffer size too small");
1629 else if (atoi($2) > 65535)
1630 cfg_parser->cfg->edns_buffer_size = 65535;
1631 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1632 free($2);
1633 }
1634 ;
1635 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1636 {
1637 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1638 if(atoi($2) == 0)
1639 yyerror("number expected");
1640 else if (atoi($2) < 4096)
1641 yyerror("message buffer size too small (use 4096)");
1642 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1643 free($2);
1644 }
1645 ;
1646 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1647 {
1648 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1649 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1650 yyerror("memory size expected");
1651 free($2);
1652 }
1653 ;
1654 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1655 {
1656 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1657 if(atoi($2) == 0) {
1658 yyerror("number expected");
1659 } else {
1660 cfg_parser->cfg->msg_cache_slabs = atoi($2);
1661 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1662 yyerror("must be a power of 2");
1663 }
1664 free($2);
1665 }
1666 ;
1667 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1668 {
1669 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1670 if(atoi($2) == 0)
1671 yyerror("number expected");
1672 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1673 free($2);
1674 }
1675 ;
1676 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1677 {
1678 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1679 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1680 yyerror("number expected");
1681 else cfg_parser->cfg->jostle_time = atoi($2);
1682 free($2);
1683 }
1684 ;
1685 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1686 {
1687 OUTYY(("P(server_delay_close:%s)\n", $2));
1688 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1689 yyerror("number expected");
1690 else cfg_parser->cfg->delay_close = atoi($2);
1691 free($2);
1692 }
1693 ;
1694 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1695 {
1696 OUTYY(("P(server_udp_connect:%s)\n", $2));
1697 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1698 yyerror("expected yes or no.");
1699 else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1700 free($2);
1701 }
1702 ;
1703 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1704 {
1705 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1706 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1707 yyerror("expected yes or no.");
1708 else cfg_parser->cfg->unblock_lan_zones =
1709 (strcmp($2, "yes")==0);
1710 free($2);
1711 }
1712 ;
1713 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1714 {
1715 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1716 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1717 yyerror("expected yes or no.");
1718 else cfg_parser->cfg->insecure_lan_zones =
1719 (strcmp($2, "yes")==0);
1720 free($2);
1721 }
1722 ;
1723 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1724 {
1725 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1726 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1727 yyerror("memory size expected");
1728 free($2);
1729 }
1730 ;
1731 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1732 {
1733 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1734 if(atoi($2) == 0) {
1735 yyerror("number expected");
1736 } else {
1737 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1738 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1739 yyerror("must be a power of 2");
1740 }
1741 free($2);
1742 }
1743 ;
1744 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1745 {
1746 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1747 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1748 yyerror("number expected");
1749 else cfg_parser->cfg->host_ttl = atoi($2);
1750 free($2);
1751 }
1752 ;
1753 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1754 {
1755 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1756 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1757 "removed, use infra-host-ttl)", $2);
1758 free($2);
1759 }
1760 ;
1761 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1762 {
1763 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1764 if(atoi($2) == 0)
1765 yyerror("number expected");
1766 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1767 free($2);
1768 }
1769 ;
1770 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1771 {
1772 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1773 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1774 "(option removed, use infra-cache-numhosts)", $2);
1775 free($2);
1776 }
1777 ;
1778 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1779 {
1780 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1781 if(atoi($2) == 0) {
1782 yyerror("number expected");
1783 } else {
1784 cfg_parser->cfg->infra_cache_slabs = atoi($2);
1785 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1786 yyerror("must be a power of 2");
1787 }
1788 free($2);
1789 }
1790 ;
1791 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1792 {
1793 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1794 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1795 yyerror("number expected");
1796 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1797 free($2);
1798 }
1799 ;
1800 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1801 {
1802 OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1803 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1804 yyerror("number expected");
1805 else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1806 free($2);
1807 }
1808 ;
1809 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1810 {
1811 OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1812 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1813 yyerror("expected yes or no.");
1814 else cfg_parser->cfg->infra_keep_probing =
1815 (strcmp($2, "yes")==0);
1816 free($2);
1817 }
1818 ;
1819 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1820 {
1821 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1822 free(cfg_parser->cfg->target_fetch_policy);
1823 cfg_parser->cfg->target_fetch_policy = $2;
1824 }
1825 ;
1826 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1827 {
1828 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1829 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1830 yyerror("expected yes or no.");
1831 else cfg_parser->cfg->harden_short_bufsize =
1832 (strcmp($2, "yes")==0);
1833 free($2);
1834 }
1835 ;
1836 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1837 {
1838 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1839 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1840 yyerror("expected yes or no.");
1841 else cfg_parser->cfg->harden_large_queries =
1842 (strcmp($2, "yes")==0);
1843 free($2);
1844 }
1845 ;
1846 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1847 {
1848 OUTYY(("P(server_harden_glue:%s)\n", $2));
1849 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1850 yyerror("expected yes or no.");
1851 else cfg_parser->cfg->harden_glue =
1852 (strcmp($2, "yes")==0);
1853 free($2);
1854 }
1855 ;
1856 server_harden_unverified_glue: VAR_HARDEN_UNVERIFIED_GLUE STRING_ARG
1857 {
1858 OUTYY(("P(server_harden_unverified_glue:%s)\n", $2));
1859 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1860 yyerror("expected yes or no.");
1861 else cfg_parser->cfg->harden_unverified_glue =
1862 (strcmp($2, "yes")==0);
1863 free($2);
1864 }
1865 ;
1866 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1867 {
1868 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1869 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1870 yyerror("expected yes or no.");
1871 else cfg_parser->cfg->harden_dnssec_stripped =
1872 (strcmp($2, "yes")==0);
1873 free($2);
1874 }
1875 ;
1876 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1877 {
1878 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1879 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1880 yyerror("expected yes or no.");
1881 else cfg_parser->cfg->harden_below_nxdomain =
1882 (strcmp($2, "yes")==0);
1883 free($2);
1884 }
1885 ;
1886 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1887 {
1888 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1889 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1890 yyerror("expected yes or no.");
1891 else cfg_parser->cfg->harden_referral_path =
1892 (strcmp($2, "yes")==0);
1893 free($2);
1894 }
1895 ;
1896 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1897 {
1898 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1899 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1900 yyerror("expected yes or no.");
1901 else cfg_parser->cfg->harden_algo_downgrade =
1902 (strcmp($2, "yes")==0);
1903 free($2);
1904 }
1905 ;
1906 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1907 {
1908 OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1909 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1910 yyerror("expected yes or no.");
1911 else cfg_parser->cfg->harden_unknown_additional =
1912 (strcmp($2, "yes")==0);
1913 free($2);
1914 }
1915 ;
1916 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1917 {
1918 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1919 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1920 yyerror("expected yes or no.");
1921 else cfg_parser->cfg->use_caps_bits_for_id =
1922 (strcmp($2, "yes")==0);
1923 free($2);
1924 }
1925 ;
1926 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1927 {
1928 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1929 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1930 yyerror("out of memory");
1931 }
1932 ;
1933 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1934 {
1935 OUTYY(("P(server_private_address:%s)\n", $2));
1936 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1937 yyerror("out of memory");
1938 }
1939 ;
1940 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1941 {
1942 OUTYY(("P(server_private_domain:%s)\n", $2));
1943 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1944 yyerror("out of memory");
1945 }
1946 ;
1947 server_prefetch: VAR_PREFETCH STRING_ARG
1948 {
1949 OUTYY(("P(server_prefetch:%s)\n", $2));
1950 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1951 yyerror("expected yes or no.");
1952 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1953 free($2);
1954 }
1955 ;
1956 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1957 {
1958 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1959 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1960 yyerror("expected yes or no.");
1961 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1962 free($2);
1963 }
1964 ;
1965 server_deny_any: VAR_DENY_ANY STRING_ARG
1966 {
1967 OUTYY(("P(server_deny_any:%s)\n", $2));
1968 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1969 yyerror("expected yes or no.");
1970 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1971 free($2);
1972 }
1973 ;
1974 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1975 {
1976 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1977 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1978 yyerror("number expected");
1979 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1980 free($2);
1981 }
1982 ;
1983 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1984 {
1985 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1986 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1987 yyerror("out of memory");
1988 }
1989 ;
1990 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1991 {
1992 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1993 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1994 yyerror("expected yes or no.");
1995 else cfg_parser->cfg->donotquery_localhost =
1996 (strcmp($2, "yes")==0);
1997 free($2);
1998 }
1999 ;
2000 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
2001 {
2002 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
2003 validate_acl_action($3);
2004 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
2005 fatal_exit("out of memory adding acl");
2006 }
2007 ;
2008 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
2009 {
2010 OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
2011 validate_acl_action($3);
2012 if(!cfg_str2list_insert(
2013 &cfg_parser->cfg->interface_actions, $2, $3))
2014 fatal_exit("out of memory adding acl");
2015 }
2016 ;
2017 server_module_conf: VAR_MODULE_CONF STRING_ARG
2018 {
2019 OUTYY(("P(server_module_conf:%s)\n", $2));
2020 free(cfg_parser->cfg->module_conf);
2021 cfg_parser->cfg->module_conf = $2;
2022 }
2023 ;
2024 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
2025 {
2026 OUTYY(("P(server_val_override_date:%s)\n", $2));
2027 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2028 cfg_parser->cfg->val_date_override = 0;
2029 } else if(strlen($2) == 14) {
2030 cfg_parser->cfg->val_date_override =
2031 cfg_convert_timeval($2);
2032 if(!cfg_parser->cfg->val_date_override)
2033 yyerror("bad date/time specification");
2034 } else {
2035 if(atoi($2) == 0)
2036 yyerror("number expected");
2037 cfg_parser->cfg->val_date_override = atoi($2);
2038 }
2039 free($2);
2040 }
2041 ;
2042 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
2043 {
2044 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
2045 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2046 cfg_parser->cfg->val_sig_skew_min = 0;
2047 } else {
2048 cfg_parser->cfg->val_sig_skew_min = atoi($2);
2049 if(!cfg_parser->cfg->val_sig_skew_min)
2050 yyerror("number expected");
2051 }
2052 free($2);
2053 }
2054 ;
2055 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
2056 {
2057 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
2058 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2059 cfg_parser->cfg->val_sig_skew_max = 0;
2060 } else {
2061 cfg_parser->cfg->val_sig_skew_max = atoi($2);
2062 if(!cfg_parser->cfg->val_sig_skew_max)
2063 yyerror("number expected");
2064 }
2065 free($2);
2066 }
2067 ;
2068 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
2069 {
2070 OUTYY(("P(server_val_max_restart:%s)\n", $2));
2071 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2072 cfg_parser->cfg->val_max_restart = 0;
2073 } else {
2074 cfg_parser->cfg->val_max_restart = atoi($2);
2075 if(!cfg_parser->cfg->val_max_restart)
2076 yyerror("number expected");
2077 }
2078 free($2);
2079 }
2080 ;
2081 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
2082 {
2083 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
2084 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2085 yyerror("number expected");
2086 else cfg_parser->cfg->max_ttl = atoi($2);
2087 free($2);
2088 }
2089 ;
2090 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
2091 {
2092 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
2093 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2094 yyerror("number expected");
2095 else cfg_parser->cfg->max_negative_ttl = atoi($2);
2096 free($2);
2097 }
2098 ;
2099 server_cache_min_negative_ttl: VAR_CACHE_MIN_NEGATIVE_TTL STRING_ARG
2100 {
2101 OUTYY(("P(server_cache_min_negative_ttl:%s)\n", $2));
2102 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2103 yyerror("number expected");
2104 else cfg_parser->cfg->min_negative_ttl = atoi($2);
2105 free($2);
2106 }
2107 ;
2108 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2109 {
2110 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2111 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2112 yyerror("number expected");
2113 else cfg_parser->cfg->min_ttl = atoi($2);
2114 free($2);
2115 }
2116 ;
2117 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2118 {
2119 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2120 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2121 yyerror("number expected");
2122 else cfg_parser->cfg->bogus_ttl = atoi($2);
2123 free($2);
2124 }
2125 ;
2126 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2127 {
2128 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2129 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2130 yyerror("expected yes or no.");
2131 else cfg_parser->cfg->val_clean_additional =
2132 (strcmp($2, "yes")==0);
2133 free($2);
2134 }
2135 ;
2136 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2137 {
2138 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2139 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2140 yyerror("expected yes or no.");
2141 else cfg_parser->cfg->val_permissive_mode =
2142 (strcmp($2, "yes")==0);
2143 free($2);
2144 }
2145 ;
2146 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2147 {
2148 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2149 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2150 yyerror("expected yes or no.");
2151 else
2152 cfg_parser->cfg->aggressive_nsec =
2153 (strcmp($2, "yes")==0);
2154 free($2);
2155 }
2156 ;
2157 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2158 {
2159 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2160 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2161 yyerror("expected yes or no.");
2162 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2163 free($2);
2164 }
2165 ;
2166 server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
2167 {
2168 OUTYY(("P(server_disable_edns_do:%s)\n", $2));
2169 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2170 yyerror("expected yes or no.");
2171 else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
2172 free($2);
2173 }
2174 ;
2175 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2176 {
2177 OUTYY(("P(server_serve_expired:%s)\n", $2));
2178 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2179 yyerror("expected yes or no.");
2180 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2181 free($2);
2182 }
2183 ;
2184 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2185 {
2186 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2187 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2188 yyerror("number expected");
2189 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2190 free($2);
2191 }
2192 ;
2193 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2194 {
2195 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2196 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2197 yyerror("expected yes or no.");
2198 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2199 free($2);
2200 }
2201 ;
2202 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2203 {
2204 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2205 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2206 yyerror("number expected");
2207 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2208 free($2);
2209 }
2210 ;
2211 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2212 {
2213 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2214 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2215 yyerror("number expected");
2216 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2217 free($2);
2218 }
2219 ;
2220 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2221 {
2222 OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2223 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2224 yyerror("expected yes or no.");
2225 else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2226 free($2);
2227 }
2228 ;
2229 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2230 {
2231 OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2232 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2233 yyerror("expected yes or no.");
2234 else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2235 free($2);
2236 }
2237 ;
2238 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2239 {
2240 OUTYY(("P(server_fake_dsa:%s)\n", $2));
2241 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2242 yyerror("expected yes or no.");
2243 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2244 else fake_dsa = (strcmp($2, "yes")==0);
2245 if(fake_dsa)
2246 log_warn("test option fake_dsa is enabled");
2247 #endif
2248 free($2);
2249 }
2250 ;
2251 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2252 {
2253 OUTYY(("P(server_fake_sha1:%s)\n", $2));
2254 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2255 yyerror("expected yes or no.");
2256 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2257 else fake_sha1 = (strcmp($2, "yes")==0);
2258 if(fake_sha1)
2259 log_warn("test option fake_sha1 is enabled");
2260 #endif
2261 free($2);
2262 }
2263 ;
2264 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2265 {
2266 OUTYY(("P(server_val_log_level:%s)\n", $2));
2267 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2268 yyerror("number expected");
2269 else cfg_parser->cfg->val_log_level = atoi($2);
2270 free($2);
2271 }
2272 ;
2273 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2274 {
2275 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2276 free(cfg_parser->cfg->val_nsec3_key_iterations);
2277 cfg_parser->cfg->val_nsec3_key_iterations = $2;
2278 }
2279 ;
2280 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2281 {
2282 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2283 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2284 yyerror("expected yes or no.");
2285 else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2286 free($2);
2287 }
2288 ;
2289 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2290 {
2291 OUTYY(("P(server_add_holddown:%s)\n", $2));
2292 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2293 yyerror("number expected");
2294 else cfg_parser->cfg->add_holddown = atoi($2);
2295 free($2);
2296 }
2297 ;
2298 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2299 {
2300 OUTYY(("P(server_del_holddown:%s)\n", $2));
2301 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2302 yyerror("number expected");
2303 else cfg_parser->cfg->del_holddown = atoi($2);
2304 free($2);
2305 }
2306 ;
2307 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2308 {
2309 OUTYY(("P(server_keep_missing:%s)\n", $2));
2310 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2311 yyerror("number expected");
2312 else cfg_parser->cfg->keep_missing = atoi($2);
2313 free($2);
2314 }
2315 ;
2316 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2317 {
2318 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2319 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2320 yyerror("expected yes or no.");
2321 else cfg_parser->cfg->permit_small_holddown =
2322 (strcmp($2, "yes")==0);
2323 free($2);
2324 }
2325 ;
2326 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2327 {
2328 OUTYY(("P(server_key_cache_size:%s)\n", $2));
2329 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2330 yyerror("memory size expected");
2331 free($2);
2332 }
2333 ;
2334 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2335 {
2336 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2337 if(atoi($2) == 0) {
2338 yyerror("number expected");
2339 } else {
2340 cfg_parser->cfg->key_cache_slabs = atoi($2);
2341 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2342 yyerror("must be a power of 2");
2343 }
2344 free($2);
2345 }
2346 ;
2347 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2348 {
2349 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2350 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2351 yyerror("memory size expected");
2352 free($2);
2353 }
2354 ;
2355 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2356 {
2357 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2358 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2359 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2360 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2361 && strcmp($3, "typetransparent")!=0
2362 && strcmp($3, "always_transparent")!=0
2363 && strcmp($3, "block_a")!=0
2364 && strcmp($3, "always_refuse")!=0
2365 && strcmp($3, "always_nxdomain")!=0
2366 && strcmp($3, "always_nodata")!=0
2367 && strcmp($3, "always_deny")!=0
2368 && strcmp($3, "always_null")!=0
2369 && strcmp($3, "noview")!=0
2370 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2371 && strcmp($3, "inform_redirect") != 0
2372 && strcmp($3, "ipset") != 0) {
2373 yyerror("local-zone type: expected static, deny, "
2374 "refuse, redirect, transparent, "
2375 "typetransparent, inform, inform_deny, "
2376 "inform_redirect, always_transparent, block_a,"
2377 "always_refuse, always_nxdomain, "
2378 "always_nodata, always_deny, always_null, "
2379 "noview, nodefault or ipset");
2380 free($2);
2381 free($3);
2382 } else if(strcmp($3, "nodefault")==0) {
2383 if(!cfg_strlist_insert(&cfg_parser->cfg->
2384 local_zones_nodefault, $2))
2385 fatal_exit("out of memory adding local-zone");
2386 free($3);
2387 #ifdef USE_IPSET
2388 } else if(strcmp($3, "ipset")==0) {
2389 size_t len = strlen($2);
2390 /* Make sure to add the trailing dot.
2391 * These are str compared to domain names. */
2392 if($2[len-1] != '.') {
2393 if(!($2 = realloc($2, len+2))) {
2394 fatal_exit("out of memory adding local-zone");
2395 }
2396 $2[len] = '.';
2397 $2[len+1] = 0;
2398 }
2399 if(!cfg_strlist_insert(&cfg_parser->cfg->
2400 local_zones_ipset, $2))
2401 fatal_exit("out of memory adding local-zone");
2402 free($3);
2403 #endif
2404 } else {
2405 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2406 $2, $3))
2407 fatal_exit("out of memory adding local-zone");
2408 }
2409 }
2410 ;
2411 server_local_data: VAR_LOCAL_DATA STRING_ARG
2412 {
2413 OUTYY(("P(server_local_data:%s)\n", $2));
2414 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2415 fatal_exit("out of memory adding local-data");
2416 }
2417 ;
2418 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2419 {
2420 char* ptr;
2421 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2422 ptr = cfg_ptr_reverse($2);
2423 free($2);
2424 if(ptr) {
2425 if(!cfg_strlist_insert(&cfg_parser->cfg->
2426 local_data, ptr))
2427 fatal_exit("out of memory adding local-data");
2428 } else {
2429 yyerror("local-data-ptr could not be reversed");
2430 }
2431 }
2432 ;
2433 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2434 {
2435 OUTYY(("P(server_minimal_responses:%s)\n", $2));
2436 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2437 yyerror("expected yes or no.");
2438 else cfg_parser->cfg->minimal_responses =
2439 (strcmp($2, "yes")==0);
2440 free($2);
2441 }
2442 ;
2443 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2444 {
2445 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2446 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2447 yyerror("expected yes or no.");
2448 else cfg_parser->cfg->rrset_roundrobin =
2449 (strcmp($2, "yes")==0);
2450 free($2);
2451 }
2452 ;
2453 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2454 {
2455 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2456 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2457 free($2);
2458 }
2459 ;
2460 server_discard_timeout: VAR_DISCARD_TIMEOUT STRING_ARG
2461 {
2462 OUTYY(("P(server_discard_timeout:%s)\n", $2));
2463 cfg_parser->cfg->discard_timeout = atoi($2);
2464 free($2);
2465 }
2466 ;
2467 server_wait_limit: VAR_WAIT_LIMIT STRING_ARG
2468 {
2469 OUTYY(("P(server_wait_limit:%s)\n", $2));
2470 cfg_parser->cfg->wait_limit = atoi($2);
2471 free($2);
2472 }
2473 ;
2474 server_wait_limit_cookie: VAR_WAIT_LIMIT_COOKIE STRING_ARG
2475 {
2476 OUTYY(("P(server_wait_limit_cookie:%s)\n", $2));
2477 cfg_parser->cfg->wait_limit_cookie = atoi($2);
2478 free($2);
2479 }
2480 ;
2481 server_wait_limit_netblock: VAR_WAIT_LIMIT_NETBLOCK STRING_ARG STRING_ARG
2482 {
2483 OUTYY(("P(server_wait_limit_netblock:%s %s)\n", $2, $3));
2484 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2485 yyerror("number expected");
2486 free($2);
2487 free($3);
2488 } else {
2489 if(!cfg_str2list_insert(&cfg_parser->cfg->
2490 wait_limit_netblock, $2, $3))
2491 fatal_exit("out of memory adding "
2492 "wait-limit-netblock");
2493 }
2494 }
2495 ;
2496 server_wait_limit_cookie_netblock: VAR_WAIT_LIMIT_COOKIE_NETBLOCK STRING_ARG STRING_ARG
2497 {
2498 OUTYY(("P(server_wait_limit_cookie_netblock:%s %s)\n", $2, $3));
2499 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2500 yyerror("number expected");
2501 free($2);
2502 free($3);
2503 } else {
2504 if(!cfg_str2list_insert(&cfg_parser->cfg->
2505 wait_limit_cookie_netblock, $2, $3))
2506 fatal_exit("out of memory adding "
2507 "wait-limit-cookie-netblock");
2508 }
2509 }
2510 ;
2511 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2512 {
2513 OUTYY(("P(server_max_udp_size:%s)\n", $2));
2514 cfg_parser->cfg->max_udp_size = atoi($2);
2515 free($2);
2516 }
2517 ;
2518 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2519 {
2520 OUTYY(("P(dns64_prefix:%s)\n", $2));
2521 free(cfg_parser->cfg->dns64_prefix);
2522 cfg_parser->cfg->dns64_prefix = $2;
2523 }
2524 ;
2525 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2526 {
2527 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2528 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2529 yyerror("expected yes or no.");
2530 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2531 free($2);
2532 }
2533 ;
2534 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2535 {
2536 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2537 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2538 $2))
2539 fatal_exit("out of memory adding dns64-ignore-aaaa");
2540 }
2541 ;
2542 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2543 {
2544 OUTYY(("P(nat64_prefix:%s)\n", $2));
2545 free(cfg_parser->cfg->nat64_prefix);
2546 cfg_parser->cfg->nat64_prefix = $2;
2547 }
2548 ;
2549 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2550 {
2551 char* p, *s = $2;
2552 OUTYY(("P(server_define_tag:%s)\n", $2));
2553 while((p=strsep(&s, " \t\n")) != NULL) {
2554 if(*p) {
2555 if(!config_add_tag(cfg_parser->cfg, p))
2556 yyerror("could not define-tag, "
2557 "out of memory");
2558 }
2559 }
2560 free($2);
2561 }
2562 ;
2563 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2564 {
2565 size_t len = 0;
2566 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2567 &len);
2568 free($3);
2569 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2570 if(!bitlist) {
2571 yyerror("could not parse tags, (define-tag them first)");
2572 free($2);
2573 }
2574 if(bitlist) {
2575 if(!cfg_strbytelist_insert(
2576 &cfg_parser->cfg->local_zone_tags,
2577 $2, bitlist, len)) {
2578 yyerror("out of memory");
2579 free($2);
2580 }
2581 }
2582 }
2583 ;
2584 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2585 {
2586 size_t len = 0;
2587 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2588 &len);
2589 free($3);
2590 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2591 if(!bitlist) {
2592 yyerror("could not parse tags, (define-tag them first)");
2593 free($2);
2594 }
2595 if(bitlist) {
2596 if(!cfg_strbytelist_insert(
2597 &cfg_parser->cfg->acl_tags,
2598 $2, bitlist, len)) {
2599 yyerror("out of memory");
2600 free($2);
2601 }
2602 }
2603 }
2604 ;
2605 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2606 {
2607 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2608 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2609 $2, $3, $4)) {
2610 yyerror("out of memory");
2611 free($2);
2612 free($3);
2613 free($4);
2614 }
2615 }
2616 ;
2617 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2618 {
2619 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2620 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2621 $2, $3, $4)) {
2622 yyerror("out of memory");
2623 free($2);
2624 free($3);
2625 free($4);
2626 }
2627 }
2628 ;
2629 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2630 {
2631 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2632 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2633 $2, $3, $4)) {
2634 yyerror("out of memory");
2635 free($2);
2636 free($3);
2637 free($4);
2638 }
2639 }
2640 ;
2641 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2642 {
2643 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2644 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2645 $2, $3)) {
2646 yyerror("out of memory");
2647 }
2648 }
2649 ;
2650 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2651 {
2652 size_t len = 0;
2653 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2654 &len);
2655 free($3);
2656 OUTYY(("P(server_interface_tag:%s)\n", $2));
2657 if(!bitlist) {
2658 yyerror("could not parse tags, (define-tag them first)");
2659 free($2);
2660 }
2661 if(bitlist) {
2662 if(!cfg_strbytelist_insert(
2663 &cfg_parser->cfg->interface_tags,
2664 $2, bitlist, len)) {
2665 yyerror("out of memory");
2666 free($2);
2667 }
2668 }
2669 }
2670 ;
2671 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2672 {
2673 OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2674 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2675 $2, $3, $4)) {
2676 yyerror("out of memory");
2677 free($2);
2678 free($3);
2679 free($4);
2680 }
2681 }
2682 ;
2683 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2684 {
2685 OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2686 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2687 $2, $3, $4)) {
2688 yyerror("out of memory");
2689 free($2);
2690 free($3);
2691 free($4);
2692 }
2693 }
2694 ;
2695 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2696 {
2697 OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2698 if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2699 $2, $3)) {
2700 yyerror("out of memory");
2701 }
2702 }
2703 ;
2704 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2705 {
2706 size_t len = 0;
2707 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2708 &len);
2709 free($3);
2710 OUTYY(("P(response_ip_tag:%s)\n", $2));
2711 if(!bitlist) {
2712 yyerror("could not parse tags, (define-tag them first)");
2713 free($2);
2714 }
2715 if(bitlist) {
2716 if(!cfg_strbytelist_insert(
2717 &cfg_parser->cfg->respip_tags,
2718 $2, bitlist, len)) {
2719 yyerror("out of memory");
2720 free($2);
2721 }
2722 }
2723 }
2724 ;
2725 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2726 {
2727 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2728 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2729 yyerror("number expected");
2730 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2731 free($2);
2732 }
2733 ;
2734 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2735 {
2736 OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2737 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2738 yyerror("number expected");
2739 else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2740 free($2);
2741 }
2742 ;
2743 server_ratelimit: VAR_RATELIMIT STRING_ARG
2744 {
2745 OUTYY(("P(server_ratelimit:%s)\n", $2));
2746 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2747 yyerror("number expected");
2748 else cfg_parser->cfg->ratelimit = atoi($2);
2749 free($2);
2750 }
2751 ;
2752 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2753 {
2754 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2755 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2756 yyerror("memory size expected");
2757 free($2);
2758 }
2759 ;
2760 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2761 {
2762 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2763 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2764 yyerror("memory size expected");
2765 free($2);
2766 }
2767 ;
2768 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2769 {
2770 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2771 if(atoi($2) == 0) {
2772 yyerror("number expected");
2773 } else {
2774 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2775 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2776 yyerror("must be a power of 2");
2777 }
2778 free($2);
2779 }
2780 ;
2781 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2782 {
2783 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2784 if(atoi($2) == 0) {
2785 yyerror("number expected");
2786 } else {
2787 cfg_parser->cfg->ratelimit_slabs = atoi($2);
2788 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2789 yyerror("must be a power of 2");
2790 }
2791 free($2);
2792 }
2793 ;
2794 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2795 {
2796 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2797 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2798 yyerror("number expected");
2799 free($2);
2800 free($3);
2801 } else {
2802 if(!cfg_str2list_insert(&cfg_parser->cfg->
2803 ratelimit_for_domain, $2, $3))
2804 fatal_exit("out of memory adding "
2805 "ratelimit-for-domain");
2806 }
2807 }
2808 ;
2809 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2810 {
2811 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2812 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2813 yyerror("number expected");
2814 free($2);
2815 free($3);
2816 } else {
2817 if(!cfg_str2list_insert(&cfg_parser->cfg->
2818 ratelimit_below_domain, $2, $3))
2819 fatal_exit("out of memory adding "
2820 "ratelimit-below-domain");
2821 }
2822 }
2823 ;
2824 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2825 {
2826 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2827 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2828 yyerror("number expected");
2829 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2830 free($2);
2831 }
2832 ;
2833 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2834 {
2835 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2836 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2837 yyerror("number expected");
2838 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2839 free($2);
2840 }
2841 ;
2842 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2843 {
2844 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2845 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2846 yyerror("expected yes or no.");
2847 else cfg_parser->cfg->ip_ratelimit_backoff =
2848 (strcmp($2, "yes")==0);
2849 free($2);
2850 }
2851 ;
2852 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2853 {
2854 OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2855 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2856 yyerror("expected yes or no.");
2857 else cfg_parser->cfg->ratelimit_backoff =
2858 (strcmp($2, "yes")==0);
2859 free($2);
2860 }
2861 ;
2862 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2863 {
2864 OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2865 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2866 yyerror("number expected");
2867 else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2868 free($2);
2869 }
2870 ;
2871 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2872 {
2873 OUTYY(("P(server_max_sent_count:%s)\n", $2));
2874 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2875 yyerror("number expected");
2876 else cfg_parser->cfg->max_sent_count = atoi($2);
2877 free($2);
2878 }
2879 ;
2880 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2881 {
2882 OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2883 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2884 yyerror("number expected");
2885 else cfg_parser->cfg->max_query_restarts = atoi($2);
2886 free($2);
2887 }
2888 ;
2889 server_low_rtt: VAR_LOW_RTT STRING_ARG
2890 {
2891 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2892 free($2);
2893 }
2894 ;
2895 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2896 {
2897 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2898 if(atoi($2) <= 0)
2899 yyerror("number expected");
2900 else cfg_parser->cfg->fast_server_num = atoi($2);
2901 free($2);
2902 }
2903 ;
2904 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2905 {
2906 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2907 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2908 yyerror("number expected");
2909 else cfg_parser->cfg->fast_server_permil = atoi($2);
2910 free($2);
2911 }
2912 ;
2913 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2914 {
2915 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2916 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2917 yyerror("expected yes or no.");
2918 else cfg_parser->cfg->qname_minimisation =
2919 (strcmp($2, "yes")==0);
2920 free($2);
2921 }
2922 ;
2923 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2924 {
2925 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2926 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2927 yyerror("expected yes or no.");
2928 else cfg_parser->cfg->qname_minimisation_strict =
2929 (strcmp($2, "yes")==0);
2930 free($2);
2931 }
2932 ;
2933 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2934 {
2935 OUTYY(("P(server_pad_responses:%s)\n", $2));
2936 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2937 yyerror("expected yes or no.");
2938 else cfg_parser->cfg->pad_responses =
2939 (strcmp($2, "yes")==0);
2940 free($2);
2941 }
2942 ;
2943 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2944 {
2945 OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2946 if(atoi($2) == 0)
2947 yyerror("number expected");
2948 else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2949 free($2);
2950 }
2951 ;
2952 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2953 {
2954 OUTYY(("P(server_pad_queries:%s)\n", $2));
2955 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2956 yyerror("expected yes or no.");
2957 else cfg_parser->cfg->pad_queries =
2958 (strcmp($2, "yes")==0);
2959 free($2);
2960 }
2961 ;
2962 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2963 {
2964 OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2965 if(atoi($2) == 0)
2966 yyerror("number expected");
2967 else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2968 free($2);
2969 }
2970 ;
2971 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2972 {
2973 #ifdef USE_IPSECMOD
2974 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2975 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2976 yyerror("expected yes or no.");
2977 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2978 #else
2979 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2980 #endif
2981 free($2);
2982 }
2983 ;
2984 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2985 {
2986 #ifdef USE_IPSECMOD
2987 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2988 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2989 yyerror("expected yes or no.");
2990 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2991 #else
2992 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2993 #endif
2994 free($2);
2995 }
2996 ;
2997 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2998 {
2999 #ifdef USE_IPSECMOD
3000 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
3001 free(cfg_parser->cfg->ipsecmod_hook);
3002 cfg_parser->cfg->ipsecmod_hook = $2;
3003 #else
3004 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3005 free($2);
3006 #endif
3007 }
3008 ;
3009 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
3010 {
3011 #ifdef USE_IPSECMOD
3012 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
3013 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3014 yyerror("number expected");
3015 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
3016 free($2);
3017 #else
3018 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3019 free($2);
3020 #endif
3021 }
3022 ;
3023 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
3024 {
3025 #ifdef USE_IPSECMOD
3026 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
3027 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
3028 yyerror("out of memory");
3029 #else
3030 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3031 free($2);
3032 #endif
3033 }
3034 ;
3035 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
3036 {
3037 #ifdef USE_IPSECMOD
3038 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
3039 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3040 yyerror("expected yes or no.");
3041 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
3042 free($2);
3043 #else
3044 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3045 free($2);
3046 #endif
3047 }
3048 ;
3049 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
3050 {
3051 OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
3052 if(!cfg_str2list_insert(
3053 &cfg_parser->cfg->edns_client_strings, $2, $3))
3054 fatal_exit("out of memory adding "
3055 "edns-client-string");
3056 }
3057 ;
3058 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
3059 {
3060 OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
3061 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3062 yyerror("option code expected");
3063 else if(atoi($2) > 65535 || atoi($2) < 0)
3064 yyerror("option code must be in interval [0, 65535]");
3065 else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
3066 free($2);
3067 }
3068 ;
3069 server_ede: VAR_EDE STRING_ARG
3070 {
3071 OUTYY(("P(server_ede:%s)\n", $2));
3072 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3073 yyerror("expected yes or no.");
3074 else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
3075 free($2);
3076 }
3077 ;
3078 server_dns_error_reporting: VAR_DNS_ERROR_REPORTING STRING_ARG
3079 {
3080 OUTYY(("P(server_dns_error_reporting:%s)\n", $2));
3081 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3082 yyerror("expected yes or no.");
3083 else cfg_parser->cfg->dns_error_reporting = (strcmp($2, "yes")==0);
3084 free($2);
3085 }
3086 ;
3087 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
3088 {
3089 OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
3090 if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
3091 yyerror("out of memory");
3092 }
3093 ;
3094 stub_name: VAR_NAME STRING_ARG
3095 {
3096 OUTYY(("P(name:%s)\n", $2));
3097 if(cfg_parser->cfg->stubs->name)
3098 yyerror("stub name override, there must be one name "
3099 "for one stub-zone");
3100 free(cfg_parser->cfg->stubs->name);
3101 cfg_parser->cfg->stubs->name = $2;
3102 }
3103 ;
3104 stub_host: VAR_STUB_HOST STRING_ARG
3105 {
3106 OUTYY(("P(stub-host:%s)\n", $2));
3107 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
3108 yyerror("out of memory");
3109 }
3110 ;
3111 stub_addr: VAR_STUB_ADDR STRING_ARG
3112 {
3113 OUTYY(("P(stub-addr:%s)\n", $2));
3114 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
3115 yyerror("out of memory");
3116 }
3117 ;
3118 stub_first: VAR_STUB_FIRST STRING_ARG
3119 {
3120 OUTYY(("P(stub-first:%s)\n", $2));
3121 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3122 yyerror("expected yes or no.");
3123 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
3124 free($2);
3125 }
3126 ;
3127 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
3128 {
3129 OUTYY(("P(stub-no-cache:%s)\n", $2));
3130 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3131 yyerror("expected yes or no.");
3132 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
3133 free($2);
3134 }
3135 ;
3136 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
3137 {
3138 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
3139 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3140 yyerror("expected yes or no.");
3141 else cfg_parser->cfg->stubs->ssl_upstream =
3142 (strcmp($2, "yes")==0);
3143 free($2);
3144 }
3145 ;
3146 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
3147 {
3148 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
3149 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3150 yyerror("expected yes or no.");
3151 else cfg_parser->cfg->stubs->tcp_upstream =
3152 (strcmp($2, "yes")==0);
3153 free($2);
3154 }
3155 ;
3156 stub_prime: VAR_STUB_PRIME STRING_ARG
3157 {
3158 OUTYY(("P(stub-prime:%s)\n", $2));
3159 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3160 yyerror("expected yes or no.");
3161 else cfg_parser->cfg->stubs->isprime =
3162 (strcmp($2, "yes")==0);
3163 free($2);
3164 }
3165 ;
3166 forward_name: VAR_NAME STRING_ARG
3167 {
3168 OUTYY(("P(name:%s)\n", $2));
3169 if(cfg_parser->cfg->forwards->name)
3170 yyerror("forward name override, there must be one "
3171 "name for one forward-zone");
3172 free(cfg_parser->cfg->forwards->name);
3173 cfg_parser->cfg->forwards->name = $2;
3174 }
3175 ;
3176 forward_host: VAR_FORWARD_HOST STRING_ARG
3177 {
3178 OUTYY(("P(forward-host:%s)\n", $2));
3179 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3180 yyerror("out of memory");
3181 }
3182 ;
3183 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3184 {
3185 OUTYY(("P(forward-addr:%s)\n", $2));
3186 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3187 yyerror("out of memory");
3188 }
3189 ;
3190 forward_first: VAR_FORWARD_FIRST STRING_ARG
3191 {
3192 OUTYY(("P(forward-first:%s)\n", $2));
3193 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3194 yyerror("expected yes or no.");
3195 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3196 free($2);
3197 }
3198 ;
3199 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3200 {
3201 OUTYY(("P(forward-no-cache:%s)\n", $2));
3202 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3203 yyerror("expected yes or no.");
3204 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3205 free($2);
3206 }
3207 ;
3208 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3209 {
3210 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3211 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3212 yyerror("expected yes or no.");
3213 else cfg_parser->cfg->forwards->ssl_upstream =
3214 (strcmp($2, "yes")==0);
3215 free($2);
3216 }
3217 ;
3218 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3219 {
3220 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3221 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3222 yyerror("expected yes or no.");
3223 else cfg_parser->cfg->forwards->tcp_upstream =
3224 (strcmp($2, "yes")==0);
3225 free($2);
3226 }
3227 ;
3228 auth_name: VAR_NAME STRING_ARG
3229 {
3230 OUTYY(("P(name:%s)\n", $2));
3231 if(cfg_parser->cfg->auths->name)
3232 yyerror("auth name override, there must be one name "
3233 "for one auth-zone");
3234 free(cfg_parser->cfg->auths->name);
3235 cfg_parser->cfg->auths->name = $2;
3236 }
3237 ;
3238 auth_zonefile: VAR_ZONEFILE STRING_ARG
3239 {
3240 OUTYY(("P(zonefile:%s)\n", $2));
3241 free(cfg_parser->cfg->auths->zonefile);
3242 cfg_parser->cfg->auths->zonefile = $2;
3243 }
3244 ;
3245 auth_master: VAR_MASTER STRING_ARG
3246 {
3247 OUTYY(("P(master:%s)\n", $2));
3248 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3249 yyerror("out of memory");
3250 }
3251 ;
3252 auth_url: VAR_URL STRING_ARG
3253 {
3254 OUTYY(("P(url:%s)\n", $2));
3255 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3256 yyerror("out of memory");
3257 }
3258 ;
3259 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3260 {
3261 OUTYY(("P(allow-notify:%s)\n", $2));
3262 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3263 $2))
3264 yyerror("out of memory");
3265 }
3266 ;
3267 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3268 {
3269 OUTYY(("P(zonemd-check:%s)\n", $2));
3270 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3271 yyerror("expected yes or no.");
3272 else cfg_parser->cfg->auths->zonemd_check =
3273 (strcmp($2, "yes")==0);
3274 free($2);
3275 }
3276 ;
3277 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3278 {
3279 OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3280 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3281 yyerror("expected yes or no.");
3282 else cfg_parser->cfg->auths->zonemd_reject_absence =
3283 (strcmp($2, "yes")==0);
3284 free($2);
3285 }
3286 ;
3287 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3288 {
3289 OUTYY(("P(for-downstream:%s)\n", $2));
3290 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3291 yyerror("expected yes or no.");
3292 else cfg_parser->cfg->auths->for_downstream =
3293 (strcmp($2, "yes")==0);
3294 free($2);
3295 }
3296 ;
3297 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3298 {
3299 OUTYY(("P(for-upstream:%s)\n", $2));
3300 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3301 yyerror("expected yes or no.");
3302 else cfg_parser->cfg->auths->for_upstream =
3303 (strcmp($2, "yes")==0);
3304 free($2);
3305 }
3306 ;
3307 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3308 {
3309 OUTYY(("P(fallback-enabled:%s)\n", $2));
3310 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3311 yyerror("expected yes or no.");
3312 else cfg_parser->cfg->auths->fallback_enabled =
3313 (strcmp($2, "yes")==0);
3314 free($2);
3315 }
3316 ;
3317 view_name: VAR_NAME STRING_ARG
3318 {
3319 OUTYY(("P(name:%s)\n", $2));
3320 if(cfg_parser->cfg->views->name)
3321 yyerror("view name override, there must be one "
3322 "name for one view");
3323 free(cfg_parser->cfg->views->name);
3324 cfg_parser->cfg->views->name = $2;
3325 }
3326 ;
3327 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3328 {
3329 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3330 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3331 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3332 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3333 && strcmp($3, "typetransparent")!=0
3334 && strcmp($3, "always_transparent")!=0
3335 && strcmp($3, "always_refuse")!=0
3336 && strcmp($3, "always_nxdomain")!=0
3337 && strcmp($3, "always_nodata")!=0
3338 && strcmp($3, "always_deny")!=0
3339 && strcmp($3, "always_null")!=0
3340 && strcmp($3, "noview")!=0
3341 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3342 && strcmp($3, "inform_redirect") != 0
3343 && strcmp($3, "ipset") != 0) {
3344 yyerror("local-zone type: expected static, deny, "
3345 "refuse, redirect, transparent, "
3346 "typetransparent, inform, inform_deny, "
3347 "inform_redirect, always_transparent, "
3348 "always_refuse, always_nxdomain, "
3349 "always_nodata, always_deny, always_null, "
3350 "noview, nodefault or ipset");
3351 free($2);
3352 free($3);
3353 } else if(strcmp($3, "nodefault")==0) {
3354 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3355 local_zones_nodefault, $2))
3356 fatal_exit("out of memory adding local-zone");
3357 free($3);
3358 #ifdef USE_IPSET
3359 } else if(strcmp($3, "ipset")==0) {
3360 size_t len = strlen($2);
3361 /* Make sure to add the trailing dot.
3362 * These are str compared to domain names. */
3363 if($2[len-1] != '.') {
3364 if(!($2 = realloc($2, len+2))) {
3365 fatal_exit("out of memory adding local-zone");
3366 }
3367 $2[len] = '.';
3368 $2[len+1] = 0;
3369 }
3370 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3371 local_zones_ipset, $2))
3372 fatal_exit("out of memory adding local-zone");
3373 free($3);
3374 #endif
3375 } else {
3376 if(!cfg_str2list_insert(
3377 &cfg_parser->cfg->views->local_zones,
3378 $2, $3))
3379 fatal_exit("out of memory adding local-zone");
3380 }
3381 }
3382 ;
3383 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3384 {
3385 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3386 validate_respip_action($3);
3387 if(!cfg_str2list_insert(
3388 &cfg_parser->cfg->views->respip_actions, $2, $3))
3389 fatal_exit("out of memory adding per-view "
3390 "response-ip action");
3391 }
3392 ;
3393 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3394 {
3395 OUTYY(("P(view_response_ip_data:%s)\n", $2));
3396 if(!cfg_str2list_insert(
3397 &cfg_parser->cfg->views->respip_data, $2, $3))
3398 fatal_exit("out of memory adding response-ip-data");
3399 }
3400 ;
3401 view_local_data: VAR_LOCAL_DATA STRING_ARG
3402 {
3403 OUTYY(("P(view_local_data:%s)\n", $2));
3404 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3405 fatal_exit("out of memory adding local-data");
3406 }
3407 }
3408 ;
3409 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3410 {
3411 char* ptr;
3412 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3413 ptr = cfg_ptr_reverse($2);
3414 free($2);
3415 if(ptr) {
3416 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3417 local_data, ptr))
3418 fatal_exit("out of memory adding local-data");
3419 } else {
3420 yyerror("local-data-ptr could not be reversed");
3421 }
3422 }
3423 ;
3424 view_first: VAR_VIEW_FIRST STRING_ARG
3425 {
3426 OUTYY(("P(view-first:%s)\n", $2));
3427 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3428 yyerror("expected yes or no.");
3429 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3430 free($2);
3431 }
3432 ;
3433 rcstart: VAR_REMOTE_CONTROL
3434 {
3435 OUTYY(("\nP(remote-control:)\n"));
3436 cfg_parser->started_toplevel = 1;
3437 }
3438 ;
3439 contents_rc: contents_rc content_rc
3440 | ;
3441 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3442 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3443 rc_control_cert_file | rc_control_use_cert
3444 ;
3445 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3446 {
3447 OUTYY(("P(control_enable:%s)\n", $2));
3448 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3449 yyerror("expected yes or no.");
3450 else cfg_parser->cfg->remote_control_enable =
3451 (strcmp($2, "yes")==0);
3452 free($2);
3453 }
3454 ;
3455 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3456 {
3457 OUTYY(("P(control_port:%s)\n", $2));
3458 if(atoi($2) == 0)
3459 yyerror("control port number expected");
3460 else cfg_parser->cfg->control_port = atoi($2);
3461 free($2);
3462 }
3463 ;
3464 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3465 {
3466 OUTYY(("P(control_interface:%s)\n", $2));
3467 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3468 yyerror("out of memory");
3469 }
3470 ;
3471 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3472 {
3473 OUTYY(("P(control_use_cert:%s)\n", $2));
3474 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3475 free($2);
3476 }
3477 ;
3478 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3479 {
3480 OUTYY(("P(rc_server_key_file:%s)\n", $2));
3481 free(cfg_parser->cfg->server_key_file);
3482 cfg_parser->cfg->server_key_file = $2;
3483 }
3484 ;
3485 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3486 {
3487 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3488 free(cfg_parser->cfg->server_cert_file);
3489 cfg_parser->cfg->server_cert_file = $2;
3490 }
3491 ;
3492 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3493 {
3494 OUTYY(("P(rc_control_key_file:%s)\n", $2));
3495 free(cfg_parser->cfg->control_key_file);
3496 cfg_parser->cfg->control_key_file = $2;
3497 }
3498 ;
3499 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3500 {
3501 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3502 free(cfg_parser->cfg->control_cert_file);
3503 cfg_parser->cfg->control_cert_file = $2;
3504 }
3505 ;
3506 dtstart: VAR_DNSTAP
3507 {
3508 OUTYY(("\nP(dnstap:)\n"));
3509 cfg_parser->started_toplevel = 1;
3510 }
3511 ;
3512 contents_dt: contents_dt content_dt
3513 | ;
3514 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3515 dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3516 dt_dnstap_tls_cert_bundle |
3517 dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3518 dt_dnstap_send_identity | dt_dnstap_send_version |
3519 dt_dnstap_identity | dt_dnstap_version |
3520 dt_dnstap_log_resolver_query_messages |
3521 dt_dnstap_log_resolver_response_messages |
3522 dt_dnstap_log_client_query_messages |
3523 dt_dnstap_log_client_response_messages |
3524 dt_dnstap_log_forwarder_query_messages |
3525 dt_dnstap_log_forwarder_response_messages |
3526 dt_dnstap_sample_rate
3527 ;
3528 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3529 {
3530 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3531 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3532 yyerror("expected yes or no.");
3533 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3534 free($2);
3535 }
3536 ;
3537 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3538 {
3539 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3540 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3541 yyerror("expected yes or no.");
3542 else cfg_parser->cfg->dnstap_bidirectional =
3543 (strcmp($2, "yes")==0);
3544 free($2);
3545 }
3546 ;
3547 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3548 {
3549 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3550 free(cfg_parser->cfg->dnstap_socket_path);
3551 cfg_parser->cfg->dnstap_socket_path = $2;
3552 }
3553 ;
3554 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3555 {
3556 OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3557 free(cfg_parser->cfg->dnstap_ip);
3558 cfg_parser->cfg->dnstap_ip = $2;
3559 }
3560 ;
3561 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3562 {
3563 OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3564 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3565 yyerror("expected yes or no.");
3566 else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3567 free($2);
3568 }
3569 ;
3570 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3571 {
3572 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3573 free(cfg_parser->cfg->dnstap_tls_server_name);
3574 cfg_parser->cfg->dnstap_tls_server_name = $2;
3575 }
3576 ;
3577 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3578 {
3579 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3580 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3581 cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3582 }
3583 ;
3584 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3585 {
3586 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3587 free(cfg_parser->cfg->dnstap_tls_client_key_file);
3588 cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3589 }
3590 ;
3591 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3592 {
3593 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3594 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3595 cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3596 }
3597 ;
3598 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3599 {
3600 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3601 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3602 yyerror("expected yes or no.");
3603 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3604 free($2);
3605 }
3606 ;
3607 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3608 {
3609 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3610 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3611 yyerror("expected yes or no.");
3612 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3613 free($2);
3614 }
3615 ;
3616 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3617 {
3618 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3619 free(cfg_parser->cfg->dnstap_identity);
3620 cfg_parser->cfg->dnstap_identity = $2;
3621 }
3622 ;
3623 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3624 {
3625 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3626 free(cfg_parser->cfg->dnstap_version);
3627 cfg_parser->cfg->dnstap_version = $2;
3628 }
3629 ;
3630 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3631 {
3632 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3633 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3634 yyerror("expected yes or no.");
3635 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3636 (strcmp($2, "yes")==0);
3637 free($2);
3638 }
3639 ;
3640 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3641 {
3642 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3643 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3644 yyerror("expected yes or no.");
3645 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3646 (strcmp($2, "yes")==0);
3647 free($2);
3648 }
3649 ;
3650 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3651 {
3652 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3653 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3654 yyerror("expected yes or no.");
3655 else cfg_parser->cfg->dnstap_log_client_query_messages =
3656 (strcmp($2, "yes")==0);
3657 free($2);
3658 }
3659 ;
3660 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3661 {
3662 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3663 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3664 yyerror("expected yes or no.");
3665 else cfg_parser->cfg->dnstap_log_client_response_messages =
3666 (strcmp($2, "yes")==0);
3667 free($2);
3668 }
3669 ;
3670 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3671 {
3672 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3673 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3674 yyerror("expected yes or no.");
3675 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3676 (strcmp($2, "yes")==0);
3677 free($2);
3678 }
3679 ;
3680 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3681 {
3682 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3683 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3684 yyerror("expected yes or no.");
3685 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3686 (strcmp($2, "yes")==0);
3687 free($2);
3688 }
3689 ;
3690 dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG
3691 {
3692 OUTYY(("P(dt_dnstap_sample_rate:%s)\n", $2));
3693 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3694 yyerror("number expected");
3695 else if(atoi($2) < 0)
3696 yyerror("dnstap sample rate too small");
3697 else cfg_parser->cfg->dnstap_sample_rate = atoi($2);
3698 free($2);
3699 }
3700 ;
3701 pythonstart: VAR_PYTHON
3702 {
3703 OUTYY(("\nP(python:)\n"));
3704 cfg_parser->started_toplevel = 1;
3705 }
3706 ;
3707 contents_py: contents_py content_py
3708 | ;
3709 content_py: py_script
3710 ;
3711 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3712 {
3713 OUTYY(("P(python-script:%s)\n", $2));
3714 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3715 yyerror("out of memory");
3716 }
3717 ;
3718 dynlibstart: VAR_DYNLIB
3719 {
3720 OUTYY(("\nP(dynlib:)\n"));
3721 cfg_parser->started_toplevel = 1;
3722 }
3723 ;
3724 contents_dl: contents_dl content_dl
3725 | ;
3726 content_dl: dl_file
3727 ;
3728 dl_file: VAR_DYNLIB_FILE STRING_ARG
3729 {
3730 OUTYY(("P(dynlib-file:%s)\n", $2));
3731 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3732 yyerror("out of memory");
3733 }
3734 ;
3735 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3736 {
3737 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3738 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3739 yyerror("expected yes or no.");
3740 else cfg_parser->cfg->disable_dnssec_lame_check =
3741 (strcmp($2, "yes")==0);
3742 free($2);
3743 }
3744 ;
3745 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3746 {
3747 OUTYY(("P(server_log_identity:%s)\n", $2));
3748 free(cfg_parser->cfg->log_identity);
3749 cfg_parser->cfg->log_identity = $2;
3750 }
3751 ;
3752 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3753 {
3754 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3755 validate_respip_action($3);
3756 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3757 $2, $3))
3758 fatal_exit("out of memory adding response-ip");
3759 }
3760 ;
3761 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3762 {
3763 OUTYY(("P(server_response_ip_data:%s)\n", $2));
3764 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3765 $2, $3))
3766 fatal_exit("out of memory adding response-ip-data");
3767 }
3768 ;
3769 dnscstart: VAR_DNSCRYPT
3770 {
3771 OUTYY(("\nP(dnscrypt:)\n"));
3772 cfg_parser->started_toplevel = 1;
3773 }
3774 ;
3775 contents_dnsc: contents_dnsc content_dnsc
3776 | ;
3777 content_dnsc:
3778 dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3779 dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3780 dnsc_dnscrypt_provider_cert_rotated |
3781 dnsc_dnscrypt_shared_secret_cache_size |
3782 dnsc_dnscrypt_shared_secret_cache_slabs |
3783 dnsc_dnscrypt_nonce_cache_size |
3784 dnsc_dnscrypt_nonce_cache_slabs
3785 ;
3786 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3787 {
3788 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3789 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3790 yyerror("expected yes or no.");
3791 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3792 free($2);
3793 }
3794 ;
3795 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3796 {
3797 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3798 if(atoi($2) == 0)
3799 yyerror("port number expected");
3800 else cfg_parser->cfg->dnscrypt_port = atoi($2);
3801 free($2);
3802 }
3803 ;
3804 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3805 {
3806 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3807 free(cfg_parser->cfg->dnscrypt_provider);
3808 cfg_parser->cfg->dnscrypt_provider = $2;
3809 }
3810 ;
3811 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3812 {
3813 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3814 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3815 log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3816 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3817 fatal_exit("out of memory adding dnscrypt-provider-cert");
3818 }
3819 ;
3820 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3821 {
3822 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3823 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3824 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3825 }
3826 ;
3827 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3828 {
3829 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3830 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3831 log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3832 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3833 fatal_exit("out of memory adding dnscrypt-secret-key");
3834 }
3835 ;
3836 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3837 {
3838 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3839 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3840 yyerror("memory size expected");
3841 free($2);
3842 }
3843 ;
3844 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3845 {
3846 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3847 if(atoi($2) == 0) {
3848 yyerror("number expected");
3849 } else {
3850 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3851 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3852 yyerror("must be a power of 2");
3853 }
3854 free($2);
3855 }
3856 ;
3857 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3858 {
3859 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3860 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3861 yyerror("memory size expected");
3862 free($2);
3863 }
3864 ;
3865 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3866 {
3867 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3868 if(atoi($2) == 0) {
3869 yyerror("number expected");
3870 } else {
3871 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3872 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3873 yyerror("must be a power of 2");
3874 }
3875 free($2);
3876 }
3877 ;
3878 cachedbstart: VAR_CACHEDB
3879 {
3880 OUTYY(("\nP(cachedb:)\n"));
3881 cfg_parser->started_toplevel = 1;
3882 }
3883 ;
3884 contents_cachedb: contents_cachedb content_cachedb
3885 | ;
3886 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3887 redis_server_host | redis_replica_server_host |
3888 redis_server_port | redis_replica_server_port |
3889 redis_timeout | redis_replica_timeout |
3890 redis_command_timeout | redis_replica_command_timeout |
3891 redis_connect_timeout | redis_replica_connect_timeout |
3892 redis_server_path | redis_replica_server_path |
3893 redis_server_password | redis_replica_server_password |
3894 redis_logical_db | redis_replica_logical_db |
3895 cachedb_no_store | redis_expire_records |
3896 cachedb_check_when_serve_expired
3897 ;
3898 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3899 {
3900 #ifdef USE_CACHEDB
3901 OUTYY(("P(backend:%s)\n", $2));
3902 free(cfg_parser->cfg->cachedb_backend);
3903 cfg_parser->cfg->cachedb_backend = $2;
3904 #else
3905 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3906 free($2);
3907 #endif
3908 }
3909 ;
3910 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3911 {
3912 #ifdef USE_CACHEDB
3913 OUTYY(("P(secret-seed:%s)\n", $2));
3914 free(cfg_parser->cfg->cachedb_secret);
3915 cfg_parser->cfg->cachedb_secret = $2;
3916 #else
3917 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3918 free($2);
3919 #endif
3920 }
3921 ;
3922 cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
3923 {
3924 #ifdef USE_CACHEDB
3925 OUTYY(("P(cachedb_no_store:%s)\n", $2));
3926 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3927 yyerror("expected yes or no.");
3928 else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
3929 #else
3930 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3931 #endif
3932 free($2);
3933 }
3934 ;
3935 cachedb_check_when_serve_expired: VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED STRING_ARG
3936 {
3937 #ifdef USE_CACHEDB
3938 OUTYY(("P(cachedb_check_when_serve_expired:%s)\n", $2));
3939 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3940 yyerror("expected yes or no.");
3941 else cfg_parser->cfg->cachedb_check_when_serve_expired = (strcmp($2, "yes")==0);
3942 #else
3943 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3944 #endif
3945 free($2);
3946 }
3947 ;
3948 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3949 {
3950 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3951 OUTYY(("P(redis_server_host:%s)\n", $2));
3952 free(cfg_parser->cfg->redis_server_host);
3953 cfg_parser->cfg->redis_server_host = $2;
3954 #else
3955 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3956 free($2);
3957 #endif
3958 }
3959 ;
3960 redis_replica_server_host: VAR_CACHEDB_REDISREPLICAHOST STRING_ARG
3961 {
3962 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3963 OUTYY(("P(redis_replica_server_host:%s)\n", $2));
3964 free(cfg_parser->cfg->redis_replica_server_host);
3965 cfg_parser->cfg->redis_replica_server_host = $2;
3966 #else
3967 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3968 free($2);
3969 #endif
3970 }
3971 ;
3972 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3973 {
3974 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3975 int port;
3976 OUTYY(("P(redis_server_port:%s)\n", $2));
3977 port = atoi($2);
3978 if(port == 0 || port < 0 || port > 65535)
3979 yyerror("valid redis server port number expected");
3980 else cfg_parser->cfg->redis_server_port = port;
3981 #else
3982 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3983 #endif
3984 free($2);
3985 }
3986 ;
3987 redis_replica_server_port: VAR_CACHEDB_REDISREPLICAPORT STRING_ARG
3988 {
3989 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3990 int port;
3991 OUTYY(("P(redis_replica_server_port:%s)\n", $2));
3992 port = atoi($2);
3993 if(port == 0 || port < 0 || port > 65535)
3994 yyerror("valid redis server port number expected");
3995 else cfg_parser->cfg->redis_replica_server_port = port;
3996 #else
3997 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3998 #endif
3999 free($2);
4000 }
4001 ;
4002 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
4003 {
4004 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4005 OUTYY(("P(redis_server_path:%s)\n", $2));
4006 free(cfg_parser->cfg->redis_server_path);
4007 cfg_parser->cfg->redis_server_path = $2;
4008 #else
4009 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4010 free($2);
4011 #endif
4012 }
4013 ;
4014 redis_replica_server_path: VAR_CACHEDB_REDISREPLICAPATH STRING_ARG
4015 {
4016 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4017 OUTYY(("P(redis_replica_server_path:%s)\n", $2));
4018 free(cfg_parser->cfg->redis_replica_server_path);
4019 cfg_parser->cfg->redis_replica_server_path = $2;
4020 #else
4021 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4022 free($2);
4023 #endif
4024 }
4025 ;
4026 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
4027 {
4028 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4029 OUTYY(("P(redis_server_password:%s)\n", $2));
4030 free(cfg_parser->cfg->redis_server_password);
4031 cfg_parser->cfg->redis_server_password = $2;
4032 #else
4033 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4034 free($2);
4035 #endif
4036 }
4037 ;
4038 redis_replica_server_password: VAR_CACHEDB_REDISREPLICAPASSWORD STRING_ARG
4039 {
4040 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4041 OUTYY(("P(redis_replica_server_password:%s)\n", $2));
4042 free(cfg_parser->cfg->redis_replica_server_password);
4043 cfg_parser->cfg->redis_replica_server_password = $2;
4044 #else
4045 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4046 free($2);
4047 #endif
4048 }
4049 ;
4050 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
4051 {
4052 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4053 OUTYY(("P(redis_timeout:%s)\n", $2));
4054 if(atoi($2) == 0)
4055 yyerror("redis timeout value expected");
4056 else cfg_parser->cfg->redis_timeout = atoi($2);
4057 #else
4058 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4059 #endif
4060 free($2);
4061 }
4062 ;
4063 redis_replica_timeout: VAR_CACHEDB_REDISREPLICATIMEOUT STRING_ARG
4064 {
4065 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4066 OUTYY(("P(redis_replica_timeout:%s)\n", $2));
4067 if(atoi($2) == 0)
4068 yyerror("redis timeout value expected");
4069 else cfg_parser->cfg->redis_replica_timeout = atoi($2);
4070 #else
4071 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4072 #endif
4073 free($2);
4074 }
4075 ;
4076 redis_command_timeout: VAR_CACHEDB_REDISCOMMANDTIMEOUT STRING_ARG
4077 {
4078 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4079 OUTYY(("P(redis_command_timeout:%s)\n", $2));
4080 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4081 yyerror("redis command timeout value expected");
4082 else cfg_parser->cfg->redis_command_timeout = atoi($2);
4083 #else
4084 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4085 #endif
4086 free($2);
4087 }
4088 ;
4089 redis_replica_command_timeout: VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT STRING_ARG
4090 {
4091 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4092 OUTYY(("P(redis_replica_command_timeout:%s)\n", $2));
4093 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4094 yyerror("redis command timeout value expected");
4095 else cfg_parser->cfg->redis_replica_command_timeout = atoi($2);
4096 #else
4097 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4098 #endif
4099 free($2);
4100 }
4101 ;
4102 redis_connect_timeout: VAR_CACHEDB_REDISCONNECTTIMEOUT STRING_ARG
4103 {
4104 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4105 OUTYY(("P(redis_connect_timeout:%s)\n", $2));
4106 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4107 yyerror("redis connect timeout value expected");
4108 else cfg_parser->cfg->redis_connect_timeout = atoi($2);
4109 #else
4110 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4111 #endif
4112 free($2);
4113 }
4114 ;
4115 redis_replica_connect_timeout: VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT STRING_ARG
4116 {
4117 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4118 OUTYY(("P(redis_replica_connect_timeout:%s)\n", $2));
4119 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4120 yyerror("redis connect timeout value expected");
4121 else cfg_parser->cfg->redis_replica_connect_timeout = atoi($2);
4122 #else
4123 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4124 #endif
4125 free($2);
4126 }
4127 ;
4128 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
4129 {
4130 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4131 OUTYY(("P(redis_expire_records:%s)\n", $2));
4132 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
4133 yyerror("expected yes or no.");
4134 else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
4135 #else
4136 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4137 #endif
4138 free($2);
4139 }
4140 ;
4141 redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
4142 {
4143 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4144 int db;
4145 OUTYY(("P(redis_logical_db:%s)\n", $2));
4146 db = atoi($2);
4147 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
4148 yyerror("valid redis logical database index expected");
4149 else cfg_parser->cfg->redis_logical_db = db;
4150 #else
4151 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4152 #endif
4153 free($2);
4154 }
4155 ;
4156 redis_replica_logical_db: VAR_CACHEDB_REDISREPLICALOGICALDB STRING_ARG
4157 {
4158 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4159 int db;
4160 OUTYY(("P(redis_replica_logical_db:%s)\n", $2));
4161 db = atoi($2);
4162 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
4163 yyerror("valid redis logical database index expected");
4164 else cfg_parser->cfg->redis_replica_logical_db = db;
4165 #else
4166 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4167 #endif
4168 free($2);
4169 }
4170 ;
4171 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
4172 {
4173 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
4174 if (atoi($3) < 0)
4175 yyerror("positive number expected");
4176 else {
4177 if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
4178 fatal_exit("out of memory adding tcp connection limit");
4179 }
4180 }
4181 ;
4182 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
4183 {
4184 OUTYY(("P(server_answer_cookie:%s)\n", $2));
4185 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
4186 yyerror("expected yes or no.");
4187 else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
4188 free($2);
4189 }
4190 ;
4191 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
4192 {
4193 uint8_t secret[32];
4194 size_t secret_len = sizeof(secret);
4195
4196 OUTYY(("P(server_cookie_secret:%s)\n", $2));
4197 if(sldns_str2wire_hex_buf($2, secret, &secret_len)
4198 || (secret_len != 16))
4199 yyerror("expected 128 bit hex string");
4200 else {
4201 cfg_parser->cfg->cookie_secret_len = secret_len;
4202 memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
4203 }
4204 free($2);
4205 }
4206 ;
4207 server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG
4208 {
4209 OUTYY(("P(cookie_secret_file:%s)\n", $2));
4210 free(cfg_parser->cfg->cookie_secret_file);
4211 cfg_parser->cfg->cookie_secret_file = $2;
4212 }
4213 ;
4214 server_iter_scrub_ns: VAR_ITER_SCRUB_NS STRING_ARG
4215 {
4216 OUTYY(("P(server_iter_scrub_ns:%s)\n", $2));
4217 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4218 yyerror("number expected");
4219 else cfg_parser->cfg->iter_scrub_ns = atoi($2);
4220 free($2);
4221 }
4222 ;
4223 server_iter_scrub_cname: VAR_ITER_SCRUB_CNAME STRING_ARG
4224 {
4225 OUTYY(("P(server_iter_scrub_cname:%s)\n", $2));
4226 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4227 yyerror("number expected");
4228 else cfg_parser->cfg->iter_scrub_cname = atoi($2);
4229 free($2);
4230 }
4231 ;
4232 server_max_global_quota: VAR_MAX_GLOBAL_QUOTA STRING_ARG
4233 {
4234 OUTYY(("P(server_max_global_quota:%s)\n", $2));
4235 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4236 yyerror("number expected");
4237 else cfg_parser->cfg->max_global_quota = atoi($2);
4238 free($2);
4239 }
4240 ;
4241 ipsetstart: VAR_IPSET
4242 {
4243 OUTYY(("\nP(ipset:)\n"));
4244 cfg_parser->started_toplevel = 1;
4245 }
4246 ;
4247 contents_ipset: contents_ipset content_ipset
4248 | ;
4249 content_ipset: ipset_name_v4 | ipset_name_v6
4250 ;
4251 ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
4252 {
4253 #ifdef USE_IPSET
4254 OUTYY(("P(name-v4:%s)\n", $2));
4255 if(cfg_parser->cfg->ipset_name_v4)
4256 yyerror("ipset name v4 override, there must be one "
4257 "name for ip v4");
4258 free(cfg_parser->cfg->ipset_name_v4);
4259 cfg_parser->cfg->ipset_name_v4 = $2;
4260 #else
4261 OUTYY(("P(Compiled without ipset, ignoring)\n"));
4262 free($2);
4263 #endif
4264 }
4265 ;
4266 ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
4267 {
4268 #ifdef USE_IPSET
4269 OUTYY(("P(name-v6:%s)\n", $2));
4270 if(cfg_parser->cfg->ipset_name_v6)
4271 yyerror("ipset name v6 override, there must be one "
4272 "name for ip v6");
4273 free(cfg_parser->cfg->ipset_name_v6);
4274 cfg_parser->cfg->ipset_name_v6 = $2;
4275 #else
4276 OUTYY(("P(Compiled without ipset, ignoring)\n"));
4277 free($2);
4278 #endif
4279 }
4280 ;
4281 %%
4282
4283 /* parse helper routines could be here */
4284 static void
4285 validate_respip_action(const char* action)
4286 {
4287 if(strcmp(action, "deny")!=0 &&
4288 strcmp(action, "redirect")!=0 &&
4289 strcmp(action, "inform")!=0 &&
4290 strcmp(action, "inform_deny")!=0 &&
4291 strcmp(action, "always_transparent")!=0 &&
4292 strcmp(action, "always_refuse")!=0 &&
4293 strcmp(action, "always_nxdomain")!=0)
4294 {
4295 yyerror("response-ip action: expected deny, redirect, "
4296 "inform, inform_deny, always_transparent, "
4297 "always_refuse or always_nxdomain");
4298 }
4299 }
4300
4301 static void
validate_acl_action(const char * action)4302 validate_acl_action(const char* action)
4303 {
4304 if(strcmp(action, "deny")!=0 &&
4305 strcmp(action, "refuse")!=0 &&
4306 strcmp(action, "deny_non_local")!=0 &&
4307 strcmp(action, "refuse_non_local")!=0 &&
4308 strcmp(action, "allow_setrd")!=0 &&
4309 strcmp(action, "allow")!=0 &&
4310 strcmp(action, "allow_snoop")!=0 &&
4311 strcmp(action, "allow_cookie")!=0)
4312 {
4313 yyerror("expected deny, refuse, deny_non_local, "
4314 "refuse_non_local, allow, allow_setrd, "
4315 "allow_snoop or allow_cookie as access control action");
4316 }
4317 }
4318