1 /*
2 * configparser.y -- yacc grammar for unbound configuration files
3 *
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5 *
6 * Copyright (c) 2007, NLnet Labs. All rights reserved.
7 *
8 * This software is open source.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
16 *
17 * Redistributions in binary form must reproduce the above copyright notice,
18 * this list of conditions and the following disclaimer in the documentation
19 * and/or other materials provided with the distribution.
20 *
21 * Neither the name of the NLNET LABS nor the names of its contributors may
22 * be used to endorse or promote products derived from this software without
23 * specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 %{
39 #include "config.h"
40
41 #include <stdarg.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <assert.h>
46
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
50 #include "sldns/str2wire.h"
51
52 int ub_c_lex(void);
53 void ub_c_error(const char *message);
54
55 static void validate_respip_action(const char* action);
56 static void validate_acl_action(const char* action);
57
58 /* these need to be global, otherwise they cannot be used inside yacc */
59 extern struct config_parser_state* cfg_parser;
60
61 #if 0
62 #define OUTYY(s) printf s /* used ONLY when debugging */
63 #else
64 #define OUTYY(s)
65 #endif
66
67 %}
68 %union {
69 char* str;
70 };
71
72 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
73 %token <str> STRING_ARG
74 %token VAR_FORCE_TOPLEVEL
75 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
76 %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
77 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
78 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
79 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
80 %token VAR_SOCK_QUEUE_TIMEOUT
81 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
82 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
83 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
84 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
85 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
86 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
87 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
88 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
89 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
90 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
91 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
92 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
93 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
94 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
95 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
96 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
97 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
98 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
99 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
100 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
101 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
102 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
103 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
104 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
105 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
106 %token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES
107 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
108 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
109 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
110 %token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
111 %token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
112 %token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
113 %token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
114 %token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
115 %token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
116 %token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
117 %token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
118 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
119 %token VAR_STUB_TCP_UPSTREAM VAR_FORWARD_TCP_UPSTREAM
120 %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
121 %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
122 %token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
123 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
124 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
125 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
126 %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
127 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
128 %token VAR_NAT64_PREFIX
129 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
130 %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
131 %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
132 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
133 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
134 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
135 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
136 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
137 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
138 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
139 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
140 %token VAR_DNSTAP_SAMPLE_RATE
141 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
142 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
143 %token VAR_IP_DSCP
144 %token VAR_DISABLE_DNSSEC_LAME_CHECK
145 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
146 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
147 %token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
148 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
149 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
150 %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
151 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
152 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
153 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
154 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
155 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
156 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
157 %token VAR_CACHE_MIN_NEGATIVE_TTL
158 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
159 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
160 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
161 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
162 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
163 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
164 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_EDE_SERVE_EXPIRED
165 %token VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
166 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
167 %token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
168 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
169 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
170 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
171 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
172 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
173 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
174 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
175 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
176 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
177 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
178 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
179 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
180 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
181 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
182 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISREPLICAHOST
183 %token VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISREPLICAPORT
184 %token VAR_CACHEDB_REDISTIMEOUT VAR_CACHEDB_REDISREPLICATIMEOUT
185 %token VAR_CACHEDB_REDISEXPIRERECORDS
186 %token VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISREPLICAPATH
187 %token VAR_CACHEDB_REDISPASSWORD VAR_CACHEDB_REDISREPLICAPASSWORD
188 %token VAR_CACHEDB_REDISLOGICALDB VAR_CACHEDB_REDISREPLICALOGICALDB
189 %token VAR_CACHEDB_REDISCOMMANDTIMEOUT VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT
190 %token VAR_CACHEDB_REDISCONNECTTIMEOUT VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT
191 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
192 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
193 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
194 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
195 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
196 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
197 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
198 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
199 %token VAR_DISCARD_TIMEOUT VAR_WAIT_LIMIT VAR_WAIT_LIMIT_COOKIE
200 %token VAR_WAIT_LIMIT_NETBLOCK VAR_WAIT_LIMIT_COOKIE_NETBLOCK
201 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI
202 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
203 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
204 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
205 %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
206 %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID
207 %token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE
208 %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
209 %token VAR_DNS_ERROR_REPORTING
210 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
211 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
212 %token VAR_QUIC_PORT VAR_QUIC_SIZE
213 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
214 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
215 %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
216 %token VAR_COOKIE_SECRET_FILE VAR_ITER_SCRUB_NS VAR_ITER_SCRUB_CNAME
217 %token VAR_MAX_GLOBAL_QUOTA VAR_HARDEN_UNVERIFIED_GLUE VAR_LOG_TIME_ISO
218
219 %%
220 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
221 toplevelvar: serverstart contents_server | stub_clause |
222 forward_clause | pythonstart contents_py |
223 rcstart contents_rc | dtstart contents_dt | view_clause |
224 dnscstart contents_dnsc | cachedbstart contents_cachedb |
225 ipsetstart contents_ipset | authstart contents_auth |
226 rpzstart contents_rpz | dynlibstart contents_dl |
227 force_toplevel
228 ;
229 force_toplevel: VAR_FORCE_TOPLEVEL
230 {
231 OUTYY(("\nP(force-toplevel)\n"));
232 cfg_parser->started_toplevel = 0;
233 }
234 ;
235 /* server: declaration */
236 serverstart: VAR_SERVER
237 {
238 OUTYY(("\nP(server:)\n"));
239 cfg_parser->started_toplevel = 1;
240 }
241 ;
242 contents_server: contents_server content_server
243 | ;
244 content_server: server_num_threads | server_verbosity | server_port |
245 server_outgoing_range | server_do_ip4 |
246 server_do_ip6 | server_do_nat64 | server_prefer_ip4 |
247 server_prefer_ip6 | server_do_udp | server_do_tcp |
248 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
249 server_tcp_keepalive | server_tcp_keepalive_timeout |
250 server_sock_queue_timeout |
251 server_interface | server_chroot | server_username |
252 server_directory | server_logfile | server_pidfile |
253 server_msg_cache_size | server_msg_cache_slabs |
254 server_num_queries_per_thread | server_rrset_cache_size |
255 server_rrset_cache_slabs | server_outgoing_num_tcp |
256 server_infra_host_ttl | server_infra_lame_ttl |
257 server_infra_cache_slabs | server_infra_cache_numhosts |
258 server_infra_cache_lame_size | server_target_fetch_policy |
259 server_harden_short_bufsize | server_harden_large_queries |
260 server_do_not_query_address | server_hide_identity |
261 server_hide_version | server_identity | server_version |
262 server_hide_http_user_agent | server_http_user_agent |
263 server_harden_glue | server_module_conf | server_trust_anchor_file |
264 server_trust_anchor | server_val_override_date | server_bogus_ttl |
265 server_val_clean_additional | server_val_permissive_mode |
266 server_incoming_num_tcp | server_msg_buffer_size |
267 server_key_cache_size | server_key_cache_slabs |
268 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
269 server_use_syslog | server_outgoing_interface | server_root_hints |
270 server_do_not_query_localhost | server_cache_max_ttl |
271 server_harden_dnssec_stripped | server_access_control |
272 server_local_zone | server_local_data | server_interface_automatic |
273 server_statistics_interval | server_do_daemonize |
274 server_use_caps_for_id | server_statistics_cumulative |
275 server_outgoing_port_permit | server_outgoing_port_avoid |
276 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
277 server_harden_referral_path | server_private_address |
278 server_private_domain | server_extended_statistics |
279 server_local_data_ptr | server_jostle_timeout |
280 server_unwanted_reply_threshold | server_log_time_ascii |
281 server_domain_insecure | server_val_sig_skew_min |
282 server_val_sig_skew_max | server_val_max_restart |
283 server_cache_min_ttl | server_val_log_level |
284 server_auto_trust_anchor_file | server_add_holddown |
285 server_del_holddown | server_keep_missing | server_so_rcvbuf |
286 server_edns_buffer_size | server_prefetch | server_prefetch_key |
287 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
288 server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
289 server_log_local_actions |
290 server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
291 server_https_port | server_http_endpoint | server_http_max_streams |
292 server_http_query_buffer_size | server_http_response_buffer_size |
293 server_http_nodelay | server_http_notls_downstream |
294 server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
295 server_so_reuseport | server_delay_close | server_udp_connect |
296 server_unblock_lan_zones | server_insecure_lan_zones |
297 server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
298 server_nat64_prefix |
299 server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
300 server_ip_transparent | server_ip_ratelimit | server_ratelimit |
301 server_ip_dscp | server_infra_keep_probing |
302 server_ip_ratelimit_slabs | server_ratelimit_slabs |
303 server_ip_ratelimit_size | server_ratelimit_size |
304 server_ratelimit_for_domain |
305 server_ratelimit_below_domain | server_ratelimit_factor |
306 server_ip_ratelimit_factor | server_ratelimit_backoff |
307 server_ip_ratelimit_backoff | server_outbound_msg_retry |
308 server_max_sent_count | server_max_query_restarts |
309 server_send_client_subnet | server_client_subnet_zone |
310 server_client_subnet_always_forward | server_client_subnet_opcode |
311 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
312 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
313 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
314 server_caps_whitelist | server_cache_max_negative_ttl |
315 server_cache_min_negative_ttl |
316 server_permit_small_holddown | server_qname_minimisation |
317 server_ip_freebind | server_define_tag | server_local_zone_tag |
318 server_disable_dnssec_lame_check | server_access_control_tag |
319 server_local_zone_override | server_access_control_tag_action |
320 server_access_control_tag_data | server_access_control_view |
321 server_interface_action | server_interface_view | server_interface_tag |
322 server_interface_tag_action | server_interface_tag_data |
323 server_qname_minimisation_strict |
324 server_pad_responses | server_pad_responses_block_size |
325 server_pad_queries | server_pad_queries_block_size |
326 server_serve_expired |
327 server_serve_expired_ttl | server_serve_expired_ttl_reset |
328 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
329 server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa |
330 server_log_identity | server_use_systemd |
331 server_response_ip_tag | server_response_ip | server_response_ip_data |
332 server_shm_enable | server_shm_key | server_fake_sha1 |
333 server_hide_trustanchor | server_trust_anchor_signaling |
334 server_root_key_sentinel |
335 server_ipsecmod_enabled | server_ipsecmod_hook |
336 server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
337 server_ipsecmod_whitelist | server_ipsecmod_strict |
338 server_udp_upstream_without_downstream | server_aggressive_nsec |
339 server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
340 server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
341 server_tcp_connection_limit | server_log_servfail | server_deny_any |
342 server_unknown_server_time_limit | server_log_tag_queryreply |
343 server_discard_timeout | server_wait_limit | server_wait_limit_cookie |
344 server_wait_limit_netblock | server_wait_limit_cookie_netblock |
345 server_stream_wait_size | server_tls_ciphers |
346 server_tls_ciphersuites | server_tls_session_ticket_keys |
347 server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie |
348 server_tls_use_sni | server_edns_client_string |
349 server_edns_client_string_opcode | server_nsid |
350 server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
351 server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
352 server_quic_port | server_quic_size |
353 server_interface_automatic_ports | server_ede |
354 server_dns_error_reporting |
355 server_proxy_protocol_port | server_statistics_inhibit_zero |
356 server_harden_unknown_additional | server_disable_edns_do |
357 server_log_destaddr | server_cookie_secret_file |
358 server_iter_scrub_ns | server_iter_scrub_cname | server_max_global_quota |
359 server_harden_unverified_glue | server_log_time_iso
360 ;
361 stub_clause: stubstart contents_stub
362 {
363 /* stub end */
364 if(cfg_parser->cfg->stubs &&
365 !cfg_parser->cfg->stubs->name)
366 yyerror("stub-zone without name");
367 }
368 ;
369 stubstart: VAR_STUB_ZONE
370 {
371 struct config_stub* s;
372 OUTYY(("\nP(stub_zone:)\n"));
373 cfg_parser->started_toplevel = 1;
374 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
375 if(s) {
376 s->next = cfg_parser->cfg->stubs;
377 cfg_parser->cfg->stubs = s;
378 } else {
379 yyerror("out of memory");
380 }
381 }
382 ;
383 contents_stub: contents_stub content_stub
384 | ;
385 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
386 stub_no_cache | stub_ssl_upstream | stub_tcp_upstream
387 ;
388 forward_clause: forwardstart contents_forward
389 {
390 /* forward end */
391 if(cfg_parser->cfg->forwards &&
392 !cfg_parser->cfg->forwards->name)
393 yyerror("forward-zone without name");
394 }
395 ;
396 forwardstart: VAR_FORWARD_ZONE
397 {
398 struct config_stub* s;
399 OUTYY(("\nP(forward_zone:)\n"));
400 cfg_parser->started_toplevel = 1;
401 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
402 if(s) {
403 s->next = cfg_parser->cfg->forwards;
404 cfg_parser->cfg->forwards = s;
405 } else {
406 yyerror("out of memory");
407 }
408 }
409 ;
410 contents_forward: contents_forward content_forward
411 | ;
412 content_forward: forward_name | forward_host | forward_addr | forward_first |
413 forward_no_cache | forward_ssl_upstream | forward_tcp_upstream
414 ;
415 view_clause: viewstart contents_view
416 {
417 /* view end */
418 if(cfg_parser->cfg->views &&
419 !cfg_parser->cfg->views->name)
420 yyerror("view without name");
421 }
422 ;
423 viewstart: VAR_VIEW
424 {
425 struct config_view* s;
426 OUTYY(("\nP(view:)\n"));
427 cfg_parser->started_toplevel = 1;
428 s = (struct config_view*)calloc(1, sizeof(struct config_view));
429 if(s) {
430 s->next = cfg_parser->cfg->views;
431 cfg_parser->cfg->views = s;
432 } else {
433 yyerror("out of memory");
434 }
435 }
436 ;
437 contents_view: contents_view content_view
438 | ;
439 content_view: view_name | view_local_zone | view_local_data | view_first |
440 view_response_ip | view_response_ip_data | view_local_data_ptr
441 ;
442 authstart: VAR_AUTH_ZONE
443 {
444 struct config_auth* s;
445 OUTYY(("\nP(auth_zone:)\n"));
446 cfg_parser->started_toplevel = 1;
447 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
448 if(s) {
449 s->next = cfg_parser->cfg->auths;
450 cfg_parser->cfg->auths = s;
451 /* defaults for auth zone */
452 s->for_downstream = 1;
453 s->for_upstream = 1;
454 s->fallback_enabled = 0;
455 s->zonemd_check = 0;
456 s->zonemd_reject_absence = 0;
457 s->isrpz = 0;
458 } else {
459 yyerror("out of memory");
460 }
461 }
462 ;
463 contents_auth: contents_auth content_auth
464 | ;
465 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
466 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
467 auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence
468 ;
469
470 rpz_tag: VAR_TAGS STRING_ARG
471 {
472 uint8_t* bitlist;
473 size_t len = 0;
474 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
475 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
476 &len);
477 free($2);
478 if(!bitlist) {
479 yyerror("could not parse tags, (define-tag them first)");
480 }
481 if(bitlist) {
482 cfg_parser->cfg->auths->rpz_taglist = bitlist;
483 cfg_parser->cfg->auths->rpz_taglistlen = len;
484
485 }
486 }
487 ;
488
489 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
490 {
491 OUTYY(("P(rpz_action_override:%s)\n", $2));
492 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
493 strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
494 strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
495 yyerror("rpz-action-override action: expected nxdomain, "
496 "nodata, passthru, drop, cname or disabled");
497 free($2);
498 cfg_parser->cfg->auths->rpz_action_override = NULL;
499 }
500 else {
501 cfg_parser->cfg->auths->rpz_action_override = $2;
502 }
503 }
504 ;
505
506 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
507 {
508 OUTYY(("P(rpz_cname_override:%s)\n", $2));
509 free(cfg_parser->cfg->auths->rpz_cname);
510 cfg_parser->cfg->auths->rpz_cname = $2;
511 }
512 ;
513
514 rpz_log: VAR_RPZ_LOG STRING_ARG
515 {
516 OUTYY(("P(rpz_log:%s)\n", $2));
517 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
518 yyerror("expected yes or no.");
519 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
520 free($2);
521 }
522 ;
523
524 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
525 {
526 OUTYY(("P(rpz_log_name:%s)\n", $2));
527 free(cfg_parser->cfg->auths->rpz_log_name);
528 cfg_parser->cfg->auths->rpz_log_name = $2;
529 }
530 ;
531 rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG
532 {
533 OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", $2));
534 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
535 yyerror("expected yes or no.");
536 else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp($2, "yes")==0);
537 free($2);
538 }
539 ;
540
541 rpzstart: VAR_RPZ
542 {
543 struct config_auth* s;
544 OUTYY(("\nP(rpz:)\n"));
545 cfg_parser->started_toplevel = 1;
546 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
547 if(s) {
548 s->next = cfg_parser->cfg->auths;
549 cfg_parser->cfg->auths = s;
550 /* defaults for RPZ auth zone */
551 s->for_downstream = 0;
552 s->for_upstream = 0;
553 s->fallback_enabled = 0;
554 s->isrpz = 1;
555 } else {
556 yyerror("out of memory");
557 }
558 }
559 ;
560 contents_rpz: contents_rpz content_rpz
561 | ;
562 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
563 auth_allow_notify | rpz_action_override | rpz_cname_override |
564 rpz_log | rpz_log_name | rpz_signal_nxdomain_ra | auth_for_downstream
565 ;
566 server_num_threads: VAR_NUM_THREADS STRING_ARG
567 {
568 OUTYY(("P(server_num_threads:%s)\n", $2));
569 if(atoi($2) == 0 && strcmp($2, "0") != 0)
570 yyerror("number expected");
571 else cfg_parser->cfg->num_threads = atoi($2);
572 free($2);
573 }
574 ;
575 server_verbosity: VAR_VERBOSITY STRING_ARG
576 {
577 OUTYY(("P(server_verbosity:%s)\n", $2));
578 if(atoi($2) == 0 && strcmp($2, "0") != 0)
579 yyerror("number expected");
580 else cfg_parser->cfg->verbosity = atoi($2);
581 free($2);
582 }
583 ;
584 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
585 {
586 OUTYY(("P(server_statistics_interval:%s)\n", $2));
587 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
588 cfg_parser->cfg->stat_interval = 0;
589 else if(atoi($2) == 0)
590 yyerror("number expected");
591 else cfg_parser->cfg->stat_interval = atoi($2);
592 free($2);
593 }
594 ;
595 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
596 {
597 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
598 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
599 yyerror("expected yes or no.");
600 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
601 free($2);
602 }
603 ;
604 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
605 {
606 OUTYY(("P(server_extended_statistics:%s)\n", $2));
607 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
608 yyerror("expected yes or no.");
609 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
610 free($2);
611 }
612 ;
613 server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
614 {
615 OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
616 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
617 yyerror("expected yes or no.");
618 else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
619 free($2);
620 }
621 ;
622 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
623 {
624 OUTYY(("P(server_shm_enable:%s)\n", $2));
625 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
626 yyerror("expected yes or no.");
627 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
628 free($2);
629 }
630 ;
631 server_shm_key: VAR_SHM_KEY STRING_ARG
632 {
633 OUTYY(("P(server_shm_key:%s)\n", $2));
634 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
635 cfg_parser->cfg->shm_key = 0;
636 else if(atoi($2) == 0)
637 yyerror("number expected");
638 else cfg_parser->cfg->shm_key = atoi($2);
639 free($2);
640 }
641 ;
642 server_port: VAR_PORT STRING_ARG
643 {
644 OUTYY(("P(server_port:%s)\n", $2));
645 if(atoi($2) == 0)
646 yyerror("port number expected");
647 else cfg_parser->cfg->port = atoi($2);
648 free($2);
649 }
650 ;
651 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
652 {
653 #ifdef CLIENT_SUBNET
654 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
655 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
656 fatal_exit("out of memory adding client-subnet");
657 #else
658 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
659 free($2);
660 #endif
661 }
662 ;
663 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
664 {
665 #ifdef CLIENT_SUBNET
666 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
667 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
668 $2))
669 fatal_exit("out of memory adding client-subnet-zone");
670 #else
671 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
672 free($2);
673 #endif
674 }
675 ;
676 server_client_subnet_always_forward:
677 VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
678 {
679 #ifdef CLIENT_SUBNET
680 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
681 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
682 yyerror("expected yes or no.");
683 else
684 cfg_parser->cfg->client_subnet_always_forward =
685 (strcmp($2, "yes")==0);
686 #else
687 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
688 #endif
689 free($2);
690 }
691 ;
692 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
693 {
694 #ifdef CLIENT_SUBNET
695 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
696 OUTYY(("P(Deprecated option, ignoring)\n"));
697 #else
698 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
699 #endif
700 free($2);
701 }
702 ;
703 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
704 {
705 #ifdef CLIENT_SUBNET
706 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
707 if(atoi($2) == 0 && strcmp($2, "0") != 0)
708 yyerror("IPv4 subnet length expected");
709 else if (atoi($2) > 32)
710 cfg_parser->cfg->max_client_subnet_ipv4 = 32;
711 else if (atoi($2) < 0)
712 cfg_parser->cfg->max_client_subnet_ipv4 = 0;
713 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
714 #else
715 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
716 #endif
717 free($2);
718 }
719 ;
720 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
721 {
722 #ifdef CLIENT_SUBNET
723 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
724 if(atoi($2) == 0 && strcmp($2, "0") != 0)
725 yyerror("Ipv6 subnet length expected");
726 else if (atoi($2) > 128)
727 cfg_parser->cfg->max_client_subnet_ipv6 = 128;
728 else if (atoi($2) < 0)
729 cfg_parser->cfg->max_client_subnet_ipv6 = 0;
730 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
731 #else
732 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
733 #endif
734 free($2);
735 }
736 ;
737 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
738 {
739 #ifdef CLIENT_SUBNET
740 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
741 if(atoi($2) == 0 && strcmp($2, "0") != 0)
742 yyerror("IPv4 subnet length expected");
743 else if (atoi($2) > 32)
744 cfg_parser->cfg->min_client_subnet_ipv4 = 32;
745 else if (atoi($2) < 0)
746 cfg_parser->cfg->min_client_subnet_ipv4 = 0;
747 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
748 #else
749 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
750 #endif
751 free($2);
752 }
753 ;
754 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
755 {
756 #ifdef CLIENT_SUBNET
757 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
758 if(atoi($2) == 0 && strcmp($2, "0") != 0)
759 yyerror("Ipv6 subnet length expected");
760 else if (atoi($2) > 128)
761 cfg_parser->cfg->min_client_subnet_ipv6 = 128;
762 else if (atoi($2) < 0)
763 cfg_parser->cfg->min_client_subnet_ipv6 = 0;
764 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
765 #else
766 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
767 #endif
768 free($2);
769 }
770 ;
771 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
772 {
773 #ifdef CLIENT_SUBNET
774 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
775 if(atoi($2) == 0 && strcmp($2, "0") != 0)
776 yyerror("IPv4 ECS tree size expected");
777 else if (atoi($2) < 0)
778 cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
779 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
780 #else
781 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
782 #endif
783 free($2);
784 }
785 ;
786 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
787 {
788 #ifdef CLIENT_SUBNET
789 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
790 if(atoi($2) == 0 && strcmp($2, "0") != 0)
791 yyerror("IPv6 ECS tree size expected");
792 else if (atoi($2) < 0)
793 cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
794 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
795 #else
796 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
797 #endif
798 free($2);
799 }
800 ;
801 server_interface: VAR_INTERFACE STRING_ARG
802 {
803 OUTYY(("P(server_interface:%s)\n", $2));
804 if(cfg_parser->cfg->num_ifs == 0)
805 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
806 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
807 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
808 if(!cfg_parser->cfg->ifs)
809 yyerror("out of memory");
810 else
811 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
812 }
813 ;
814 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
815 {
816 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
817 if(cfg_parser->cfg->num_out_ifs == 0)
818 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
819 else cfg_parser->cfg->out_ifs = realloc(
820 cfg_parser->cfg->out_ifs,
821 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
822 if(!cfg_parser->cfg->out_ifs)
823 yyerror("out of memory");
824 else
825 cfg_parser->cfg->out_ifs[
826 cfg_parser->cfg->num_out_ifs++] = $2;
827 }
828 ;
829 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
830 {
831 OUTYY(("P(server_outgoing_range:%s)\n", $2));
832 if(atoi($2) == 0)
833 yyerror("number expected");
834 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
835 free($2);
836 }
837 ;
838 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
839 {
840 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
841 if(!cfg_mark_ports($2, 1,
842 cfg_parser->cfg->outgoing_avail_ports, 65536))
843 yyerror("port number or range (\"low-high\") expected");
844 free($2);
845 }
846 ;
847 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
848 {
849 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
850 if(!cfg_mark_ports($2, 0,
851 cfg_parser->cfg->outgoing_avail_ports, 65536))
852 yyerror("port number or range (\"low-high\") expected");
853 free($2);
854 }
855 ;
856 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
857 {
858 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
859 if(atoi($2) == 0 && strcmp($2, "0") != 0)
860 yyerror("number expected");
861 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
862 free($2);
863 }
864 ;
865 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
866 {
867 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
868 if(atoi($2) == 0 && strcmp($2, "0") != 0)
869 yyerror("number expected");
870 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
871 free($2);
872 }
873 ;
874 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
875 {
876 OUTYY(("P(server_interface_automatic:%s)\n", $2));
877 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
878 yyerror("expected yes or no.");
879 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
880 free($2);
881 }
882 ;
883 server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG
884 {
885 OUTYY(("P(server_interface_automatic_ports:%s)\n", $2));
886 free(cfg_parser->cfg->if_automatic_ports);
887 cfg_parser->cfg->if_automatic_ports = $2;
888 }
889 ;
890 server_do_ip4: VAR_DO_IP4 STRING_ARG
891 {
892 OUTYY(("P(server_do_ip4:%s)\n", $2));
893 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
894 yyerror("expected yes or no.");
895 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
896 free($2);
897 }
898 ;
899 server_do_ip6: VAR_DO_IP6 STRING_ARG
900 {
901 OUTYY(("P(server_do_ip6:%s)\n", $2));
902 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
903 yyerror("expected yes or no.");
904 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
905 free($2);
906 }
907 ;
908 server_do_nat64: VAR_DO_NAT64 STRING_ARG
909 {
910 OUTYY(("P(server_do_nat64:%s)\n", $2));
911 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
912 yyerror("expected yes or no.");
913 else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0);
914 free($2);
915 }
916 ;
917 server_do_udp: VAR_DO_UDP STRING_ARG
918 {
919 OUTYY(("P(server_do_udp:%s)\n", $2));
920 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
921 yyerror("expected yes or no.");
922 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
923 free($2);
924 }
925 ;
926 server_do_tcp: VAR_DO_TCP STRING_ARG
927 {
928 OUTYY(("P(server_do_tcp:%s)\n", $2));
929 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
930 yyerror("expected yes or no.");
931 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
932 free($2);
933 }
934 ;
935 server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
936 {
937 OUTYY(("P(server_prefer_ip4:%s)\n", $2));
938 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
939 yyerror("expected yes or no.");
940 else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
941 free($2);
942 }
943 ;
944 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
945 {
946 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
947 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
948 yyerror("expected yes or no.");
949 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
950 free($2);
951 }
952 ;
953 server_tcp_mss: VAR_TCP_MSS STRING_ARG
954 {
955 OUTYY(("P(server_tcp_mss:%s)\n", $2));
956 if(atoi($2) == 0 && strcmp($2, "0") != 0)
957 yyerror("number expected");
958 else cfg_parser->cfg->tcp_mss = atoi($2);
959 free($2);
960 }
961 ;
962 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
963 {
964 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
965 if(atoi($2) == 0 && strcmp($2, "0") != 0)
966 yyerror("number expected");
967 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
968 free($2);
969 }
970 ;
971 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
972 {
973 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
974 if(atoi($2) == 0 && strcmp($2, "0") != 0)
975 yyerror("number expected");
976 else if (atoi($2) > 120000)
977 cfg_parser->cfg->tcp_idle_timeout = 120000;
978 else if (atoi($2) < 1)
979 cfg_parser->cfg->tcp_idle_timeout = 1;
980 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
981 free($2);
982 }
983 ;
984 server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG
985 {
986 OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));
987 if(atoi($2) == 0 && strcmp($2, "0") != 0)
988 yyerror("number expected");
989 else if (atoi($2) < 1)
990 cfg_parser->cfg->max_reuse_tcp_queries = 0;
991 else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);
992 free($2);
993 }
994 ;
995 server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG
996 {
997 OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));
998 if(atoi($2) == 0 && strcmp($2, "0") != 0)
999 yyerror("number expected");
1000 else if (atoi($2) < 1)
1001 cfg_parser->cfg->tcp_reuse_timeout = 0;
1002 else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);
1003 free($2);
1004 }
1005 ;
1006 server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG
1007 {
1008 OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));
1009 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1010 yyerror("number expected");
1011 else if (atoi($2) < 1)
1012 cfg_parser->cfg->tcp_auth_query_timeout = 0;
1013 else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);
1014 free($2);
1015 }
1016 ;
1017 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
1018 {
1019 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
1020 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1021 yyerror("expected yes or no.");
1022 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
1023 free($2);
1024 }
1025 ;
1026 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
1027 {
1028 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
1029 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1030 yyerror("number expected");
1031 else if (atoi($2) > 6553500)
1032 cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
1033 else if (atoi($2) < 1)
1034 cfg_parser->cfg->tcp_keepalive_timeout = 0;
1035 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
1036 free($2);
1037 }
1038 ;
1039 server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG
1040 {
1041 OUTYY(("P(server_sock_queue_timeout:%s)\n", $2));
1042 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1043 yyerror("number expected");
1044 else if (atoi($2) > 6553500)
1045 cfg_parser->cfg->sock_queue_timeout = 6553500;
1046 else if (atoi($2) < 1)
1047 cfg_parser->cfg->sock_queue_timeout = 0;
1048 else cfg_parser->cfg->sock_queue_timeout = atoi($2);
1049 free($2);
1050 }
1051 ;
1052 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
1053 {
1054 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
1055 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1056 yyerror("expected yes or no.");
1057 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
1058 free($2);
1059 }
1060 ;
1061 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
1062 {
1063 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
1064 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1065 yyerror("expected yes or no.");
1066 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
1067 free($2);
1068 }
1069 ;
1070 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
1071 {
1072 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
1073 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1074 yyerror("expected yes or no.");
1075 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
1076 free($2);
1077 }
1078 ;
1079 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
1080 {
1081 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
1082 free(cfg_parser->cfg->ssl_service_key);
1083 cfg_parser->cfg->ssl_service_key = $2;
1084 }
1085 ;
1086 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
1087 {
1088 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
1089 free(cfg_parser->cfg->ssl_service_pem);
1090 cfg_parser->cfg->ssl_service_pem = $2;
1091 }
1092 ;
1093 server_ssl_port: VAR_SSL_PORT STRING_ARG
1094 {
1095 OUTYY(("P(server_ssl_port:%s)\n", $2));
1096 if(atoi($2) == 0)
1097 yyerror("port number expected");
1098 else cfg_parser->cfg->ssl_port = atoi($2);
1099 free($2);
1100 }
1101 ;
1102 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
1103 {
1104 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
1105 free(cfg_parser->cfg->tls_cert_bundle);
1106 cfg_parser->cfg->tls_cert_bundle = $2;
1107 }
1108 ;
1109 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
1110 {
1111 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
1112 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1113 yyerror("expected yes or no.");
1114 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
1115 free($2);
1116 }
1117 ;
1118 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
1119 {
1120 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
1121 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
1122 $2))
1123 yyerror("out of memory");
1124 }
1125 ;
1126 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
1127 {
1128 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
1129 free(cfg_parser->cfg->tls_ciphers);
1130 cfg_parser->cfg->tls_ciphers = $2;
1131 }
1132 ;
1133 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
1134 {
1135 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
1136 free(cfg_parser->cfg->tls_ciphersuites);
1137 cfg_parser->cfg->tls_ciphersuites = $2;
1138 }
1139 ;
1140 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
1141 {
1142 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
1143 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
1144 $2))
1145 yyerror("out of memory");
1146 }
1147 ;
1148 server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG
1149 {
1150 OUTYY(("P(server_tls_use_sni:%s)\n", $2));
1151 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1152 yyerror("expected yes or no.");
1153 else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0);
1154 free($2);
1155 }
1156 ;
1157 server_https_port: VAR_HTTPS_PORT STRING_ARG
1158 {
1159 OUTYY(("P(server_https_port:%s)\n", $2));
1160 if(atoi($2) == 0)
1161 yyerror("port number expected");
1162 else cfg_parser->cfg->https_port = atoi($2);
1163 free($2);
1164 };
1165 server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
1166 {
1167 OUTYY(("P(server_http_endpoint:%s)\n", $2));
1168 free(cfg_parser->cfg->http_endpoint);
1169 if($2 && $2[0] != '/') {
1170 cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
1171 if(cfg_parser->cfg->http_endpoint) {
1172 cfg_parser->cfg->http_endpoint[0] = '/';
1173 memmove(cfg_parser->cfg->http_endpoint+1, $2,
1174 strlen($2)+1);
1175 } else {
1176 yyerror("out of memory");
1177 }
1178 free($2);
1179 } else {
1180 cfg_parser->cfg->http_endpoint = $2;
1181 }
1182 };
1183 server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG
1184 {
1185 OUTYY(("P(server_http_max_streams:%s)\n", $2));
1186 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1187 yyerror("number expected");
1188 else cfg_parser->cfg->http_max_streams = atoi($2);
1189 free($2);
1190 };
1191 server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG
1192 {
1193 OUTYY(("P(server_http_query_buffer_size:%s)\n", $2));
1194 if(!cfg_parse_memsize($2,
1195 &cfg_parser->cfg->http_query_buffer_size))
1196 yyerror("memory size expected");
1197 free($2);
1198 };
1199 server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG
1200 {
1201 OUTYY(("P(server_http_response_buffer_size:%s)\n", $2));
1202 if(!cfg_parse_memsize($2,
1203 &cfg_parser->cfg->http_response_buffer_size))
1204 yyerror("memory size expected");
1205 free($2);
1206 };
1207 server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
1208 {
1209 OUTYY(("P(server_http_nodelay:%s)\n", $2));
1210 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1211 yyerror("expected yes or no.");
1212 else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
1213 free($2);
1214 };
1215 server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
1216 {
1217 OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
1218 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1219 yyerror("expected yes or no.");
1220 else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
1221 free($2);
1222 };
1223 server_quic_port: VAR_QUIC_PORT STRING_ARG
1224 {
1225 OUTYY(("P(server_quic_port:%s)\n", $2));
1226 #ifndef HAVE_NGTCP2
1227 log_warn("%s:%d: Unbound is not compiled with "
1228 "ngtcp2. This is required to use DNS "
1229 "over QUIC.", cfg_parser->filename, cfg_parser->line);
1230 #endif
1231 if(atoi($2) == 0)
1232 yyerror("port number expected");
1233 else cfg_parser->cfg->quic_port = atoi($2);
1234 free($2);
1235 };
1236 server_quic_size: VAR_QUIC_SIZE STRING_ARG
1237 {
1238 OUTYY(("P(server_quic_size:%s)\n", $2));
1239 if(!cfg_parse_memsize($2, &cfg_parser->cfg->quic_size))
1240 yyerror("memory size expected");
1241 free($2);
1242 };
1243 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
1244 {
1245 OUTYY(("P(server_use_systemd:%s)\n", $2));
1246 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1247 yyerror("expected yes or no.");
1248 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
1249 free($2);
1250 }
1251 ;
1252 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
1253 {
1254 OUTYY(("P(server_do_daemonize:%s)\n", $2));
1255 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1256 yyerror("expected yes or no.");
1257 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
1258 free($2);
1259 }
1260 ;
1261 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
1262 {
1263 OUTYY(("P(server_use_syslog:%s)\n", $2));
1264 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1265 yyerror("expected yes or no.");
1266 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
1267 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
1268 if(strcmp($2, "yes") == 0)
1269 yyerror("no syslog services are available. "
1270 "(reconfigure and compile to add)");
1271 #endif
1272 free($2);
1273 }
1274 ;
1275 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
1276 {
1277 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
1278 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1279 yyerror("expected yes or no.");
1280 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
1281 free($2);
1282 }
1283 ;
1284 server_log_time_iso: VAR_LOG_TIME_ISO STRING_ARG
1285 {
1286 OUTYY(("P(server_log_time_iso:%s)\n", $2));
1287 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1288 yyerror("expected yes or no.");
1289 else cfg_parser->cfg->log_time_iso = (strcmp($2, "yes")==0);
1290 free($2);
1291 }
1292 ;
1293 server_log_queries: VAR_LOG_QUERIES STRING_ARG
1294 {
1295 OUTYY(("P(server_log_queries:%s)\n", $2));
1296 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1297 yyerror("expected yes or no.");
1298 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
1299 free($2);
1300 }
1301 ;
1302 server_log_replies: VAR_LOG_REPLIES STRING_ARG
1303 {
1304 OUTYY(("P(server_log_replies:%s)\n", $2));
1305 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1306 yyerror("expected yes or no.");
1307 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1308 free($2);
1309 }
1310 ;
1311 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1312 {
1313 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1314 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1315 yyerror("expected yes or no.");
1316 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1317 free($2);
1318 }
1319 ;
1320 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1321 {
1322 OUTYY(("P(server_log_servfail:%s)\n", $2));
1323 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1324 yyerror("expected yes or no.");
1325 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1326 free($2);
1327 }
1328 ;
1329 server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG
1330 {
1331 OUTYY(("P(server_log_destaddr:%s)\n", $2));
1332 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1333 yyerror("expected yes or no.");
1334 else cfg_parser->cfg->log_destaddr = (strcmp($2, "yes")==0);
1335 free($2);
1336 }
1337 ;
1338 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1339 {
1340 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1341 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1342 yyerror("expected yes or no.");
1343 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1344 free($2);
1345 }
1346 ;
1347 server_chroot: VAR_CHROOT STRING_ARG
1348 {
1349 OUTYY(("P(server_chroot:%s)\n", $2));
1350 free(cfg_parser->cfg->chrootdir);
1351 cfg_parser->cfg->chrootdir = $2;
1352 }
1353 ;
1354 server_username: VAR_USERNAME STRING_ARG
1355 {
1356 OUTYY(("P(server_username:%s)\n", $2));
1357 free(cfg_parser->cfg->username);
1358 cfg_parser->cfg->username = $2;
1359 }
1360 ;
1361 server_directory: VAR_DIRECTORY STRING_ARG
1362 {
1363 OUTYY(("P(server_directory:%s)\n", $2));
1364 free(cfg_parser->cfg->directory);
1365 cfg_parser->cfg->directory = $2;
1366 /* change there right away for includes relative to this */
1367 if($2[0]) {
1368 char* d;
1369 #ifdef UB_ON_WINDOWS
1370 w_config_adjust_directory(cfg_parser->cfg);
1371 #endif
1372 d = cfg_parser->cfg->directory;
1373 /* adjust directory if we have already chroot,
1374 * like, we reread after sighup */
1375 if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1376 strncmp(d, cfg_parser->chroot, strlen(
1377 cfg_parser->chroot)) == 0)
1378 d += strlen(cfg_parser->chroot);
1379 if(d[0]) {
1380 if(chdir(d))
1381 log_err("cannot chdir to directory: %s (%s)",
1382 d, strerror(errno));
1383 }
1384 }
1385 }
1386 ;
1387 server_logfile: VAR_LOGFILE STRING_ARG
1388 {
1389 OUTYY(("P(server_logfile:%s)\n", $2));
1390 free(cfg_parser->cfg->logfile);
1391 cfg_parser->cfg->logfile = $2;
1392 cfg_parser->cfg->use_syslog = 0;
1393 }
1394 ;
1395 server_pidfile: VAR_PIDFILE STRING_ARG
1396 {
1397 OUTYY(("P(server_pidfile:%s)\n", $2));
1398 free(cfg_parser->cfg->pidfile);
1399 cfg_parser->cfg->pidfile = $2;
1400 }
1401 ;
1402 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1403 {
1404 OUTYY(("P(server_root_hints:%s)\n", $2));
1405 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1406 yyerror("out of memory");
1407 }
1408 ;
1409 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1410 {
1411 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1412 log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
1413 free($2);
1414 }
1415 ;
1416 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1417 {
1418 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1419 log_warn("option dlv-anchor ignored: DLV is decommissioned");
1420 free($2);
1421 }
1422 ;
1423 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1424 {
1425 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1426 if(!cfg_strlist_insert(&cfg_parser->cfg->
1427 auto_trust_anchor_file_list, $2))
1428 yyerror("out of memory");
1429 }
1430 ;
1431 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1432 {
1433 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1434 if(!cfg_strlist_insert(&cfg_parser->cfg->
1435 trust_anchor_file_list, $2))
1436 yyerror("out of memory");
1437 }
1438 ;
1439 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1440 {
1441 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1442 if(!cfg_strlist_insert(&cfg_parser->cfg->
1443 trusted_keys_file_list, $2))
1444 yyerror("out of memory");
1445 }
1446 ;
1447 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1448 {
1449 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1450 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1451 yyerror("out of memory");
1452 }
1453 ;
1454 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1455 {
1456 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1457 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1458 yyerror("expected yes or no.");
1459 else
1460 cfg_parser->cfg->trust_anchor_signaling =
1461 (strcmp($2, "yes")==0);
1462 free($2);
1463 }
1464 ;
1465 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1466 {
1467 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1468 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1469 yyerror("expected yes or no.");
1470 else
1471 cfg_parser->cfg->root_key_sentinel =
1472 (strcmp($2, "yes")==0);
1473 free($2);
1474 }
1475 ;
1476 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1477 {
1478 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1479 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1480 yyerror("out of memory");
1481 }
1482 ;
1483 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1484 {
1485 OUTYY(("P(server_hide_identity:%s)\n", $2));
1486 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1487 yyerror("expected yes or no.");
1488 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1489 free($2);
1490 }
1491 ;
1492 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1493 {
1494 OUTYY(("P(server_hide_version:%s)\n", $2));
1495 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1496 yyerror("expected yes or no.");
1497 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1498 free($2);
1499 }
1500 ;
1501 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1502 {
1503 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1504 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1505 yyerror("expected yes or no.");
1506 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1507 free($2);
1508 }
1509 ;
1510 server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
1511 {
1512 OUTYY(("P(server_hide_user_agent:%s)\n", $2));
1513 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1514 yyerror("expected yes or no.");
1515 else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
1516 free($2);
1517 }
1518 ;
1519 server_identity: VAR_IDENTITY STRING_ARG
1520 {
1521 OUTYY(("P(server_identity:%s)\n", $2));
1522 free(cfg_parser->cfg->identity);
1523 cfg_parser->cfg->identity = $2;
1524 }
1525 ;
1526 server_version: VAR_VERSION STRING_ARG
1527 {
1528 OUTYY(("P(server_version:%s)\n", $2));
1529 free(cfg_parser->cfg->version);
1530 cfg_parser->cfg->version = $2;
1531 }
1532 ;
1533 server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
1534 {
1535 OUTYY(("P(server_http_user_agent:%s)\n", $2));
1536 free(cfg_parser->cfg->http_user_agent);
1537 cfg_parser->cfg->http_user_agent = $2;
1538 }
1539 ;
1540 server_nsid: VAR_NSID STRING_ARG
1541 {
1542 OUTYY(("P(server_nsid:%s)\n", $2));
1543 free(cfg_parser->cfg->nsid_cfg_str);
1544 cfg_parser->cfg->nsid_cfg_str = $2;
1545 free(cfg_parser->cfg->nsid);
1546 cfg_parser->cfg->nsid = NULL;
1547 cfg_parser->cfg->nsid_len = 0;
1548 if (*$2 == 0)
1549 ; /* pass; empty string is not setting nsid */
1550 else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid(
1551 $2, &cfg_parser->cfg->nsid_len)))
1552 yyerror("the NSID must be either a hex string or an "
1553 "ascii character string prepended with ascii_.");
1554 }
1555 ;
1556 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1557 {
1558 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1559 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1560 yyerror("buffer size expected");
1561 free($2);
1562 }
1563 ;
1564 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1565 {
1566 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1567 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1568 yyerror("buffer size expected");
1569 free($2);
1570 }
1571 ;
1572 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1573 {
1574 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1575 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1576 yyerror("expected yes or no.");
1577 else cfg_parser->cfg->so_reuseport =
1578 (strcmp($2, "yes")==0);
1579 free($2);
1580 }
1581 ;
1582 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1583 {
1584 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1585 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1586 yyerror("expected yes or no.");
1587 else cfg_parser->cfg->ip_transparent =
1588 (strcmp($2, "yes")==0);
1589 free($2);
1590 }
1591 ;
1592 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1593 {
1594 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1595 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1596 yyerror("expected yes or no.");
1597 else cfg_parser->cfg->ip_freebind =
1598 (strcmp($2, "yes")==0);
1599 free($2);
1600 }
1601 ;
1602 server_ip_dscp: VAR_IP_DSCP STRING_ARG
1603 {
1604 OUTYY(("P(server_ip_dscp:%s)\n", $2));
1605 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1606 yyerror("number expected");
1607 else if (atoi($2) > 63)
1608 yyerror("value too large (max 63)");
1609 else if (atoi($2) < 0)
1610 yyerror("value too small (min 0)");
1611 else
1612 cfg_parser->cfg->ip_dscp = atoi($2);
1613 free($2);
1614 }
1615 ;
1616 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1617 {
1618 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1619 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1620 yyerror("memory size expected");
1621 free($2);
1622 }
1623 ;
1624 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1625 {
1626 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1627 if(atoi($2) == 0)
1628 yyerror("number expected");
1629 else if (atoi($2) < 12)
1630 yyerror("edns buffer size too small");
1631 else if (atoi($2) > 65535)
1632 cfg_parser->cfg->edns_buffer_size = 65535;
1633 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1634 free($2);
1635 }
1636 ;
1637 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1638 {
1639 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1640 if(atoi($2) == 0)
1641 yyerror("number expected");
1642 else if (atoi($2) < 4096)
1643 yyerror("message buffer size too small (use 4096)");
1644 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1645 free($2);
1646 }
1647 ;
1648 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1649 {
1650 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1651 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1652 yyerror("memory size expected");
1653 free($2);
1654 }
1655 ;
1656 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1657 {
1658 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1659 if(atoi($2) == 0) {
1660 yyerror("number expected");
1661 } else {
1662 cfg_parser->cfg->msg_cache_slabs = atoi($2);
1663 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1664 yyerror("must be a power of 2");
1665 }
1666 free($2);
1667 }
1668 ;
1669 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1670 {
1671 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1672 if(atoi($2) == 0)
1673 yyerror("number expected");
1674 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1675 free($2);
1676 }
1677 ;
1678 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1679 {
1680 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1681 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1682 yyerror("number expected");
1683 else cfg_parser->cfg->jostle_time = atoi($2);
1684 free($2);
1685 }
1686 ;
1687 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1688 {
1689 OUTYY(("P(server_delay_close:%s)\n", $2));
1690 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1691 yyerror("number expected");
1692 else cfg_parser->cfg->delay_close = atoi($2);
1693 free($2);
1694 }
1695 ;
1696 server_udp_connect: VAR_UDP_CONNECT STRING_ARG
1697 {
1698 OUTYY(("P(server_udp_connect:%s)\n", $2));
1699 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1700 yyerror("expected yes or no.");
1701 else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
1702 free($2);
1703 }
1704 ;
1705 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1706 {
1707 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1708 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1709 yyerror("expected yes or no.");
1710 else cfg_parser->cfg->unblock_lan_zones =
1711 (strcmp($2, "yes")==0);
1712 free($2);
1713 }
1714 ;
1715 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1716 {
1717 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1718 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1719 yyerror("expected yes or no.");
1720 else cfg_parser->cfg->insecure_lan_zones =
1721 (strcmp($2, "yes")==0);
1722 free($2);
1723 }
1724 ;
1725 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1726 {
1727 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1728 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1729 yyerror("memory size expected");
1730 free($2);
1731 }
1732 ;
1733 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1734 {
1735 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1736 if(atoi($2) == 0) {
1737 yyerror("number expected");
1738 } else {
1739 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1740 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1741 yyerror("must be a power of 2");
1742 }
1743 free($2);
1744 }
1745 ;
1746 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1747 {
1748 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1749 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1750 yyerror("number expected");
1751 else cfg_parser->cfg->host_ttl = atoi($2);
1752 free($2);
1753 }
1754 ;
1755 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1756 {
1757 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1758 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1759 "removed, use infra-host-ttl)", $2);
1760 free($2);
1761 }
1762 ;
1763 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1764 {
1765 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1766 if(atoi($2) == 0)
1767 yyerror("number expected");
1768 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1769 free($2);
1770 }
1771 ;
1772 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1773 {
1774 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1775 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1776 "(option removed, use infra-cache-numhosts)", $2);
1777 free($2);
1778 }
1779 ;
1780 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1781 {
1782 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1783 if(atoi($2) == 0) {
1784 yyerror("number expected");
1785 } else {
1786 cfg_parser->cfg->infra_cache_slabs = atoi($2);
1787 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1788 yyerror("must be a power of 2");
1789 }
1790 free($2);
1791 }
1792 ;
1793 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1794 {
1795 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1796 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1797 yyerror("number expected");
1798 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1799 free($2);
1800 }
1801 ;
1802 server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
1803 {
1804 OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
1805 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1806 yyerror("number expected");
1807 else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
1808 free($2);
1809 }
1810 ;
1811 server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
1812 {
1813 OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
1814 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1815 yyerror("expected yes or no.");
1816 else cfg_parser->cfg->infra_keep_probing =
1817 (strcmp($2, "yes")==0);
1818 free($2);
1819 }
1820 ;
1821 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1822 {
1823 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1824 free(cfg_parser->cfg->target_fetch_policy);
1825 cfg_parser->cfg->target_fetch_policy = $2;
1826 }
1827 ;
1828 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1829 {
1830 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1831 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1832 yyerror("expected yes or no.");
1833 else cfg_parser->cfg->harden_short_bufsize =
1834 (strcmp($2, "yes")==0);
1835 free($2);
1836 }
1837 ;
1838 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1839 {
1840 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1841 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1842 yyerror("expected yes or no.");
1843 else cfg_parser->cfg->harden_large_queries =
1844 (strcmp($2, "yes")==0);
1845 free($2);
1846 }
1847 ;
1848 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1849 {
1850 OUTYY(("P(server_harden_glue:%s)\n", $2));
1851 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1852 yyerror("expected yes or no.");
1853 else cfg_parser->cfg->harden_glue =
1854 (strcmp($2, "yes")==0);
1855 free($2);
1856 }
1857 ;
1858 server_harden_unverified_glue: VAR_HARDEN_UNVERIFIED_GLUE STRING_ARG
1859 {
1860 OUTYY(("P(server_harden_unverified_glue:%s)\n", $2));
1861 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1862 yyerror("expected yes or no.");
1863 else cfg_parser->cfg->harden_unverified_glue =
1864 (strcmp($2, "yes")==0);
1865 free($2);
1866 }
1867 ;
1868 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1869 {
1870 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1871 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1872 yyerror("expected yes or no.");
1873 else cfg_parser->cfg->harden_dnssec_stripped =
1874 (strcmp($2, "yes")==0);
1875 free($2);
1876 }
1877 ;
1878 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1879 {
1880 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1881 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1882 yyerror("expected yes or no.");
1883 else cfg_parser->cfg->harden_below_nxdomain =
1884 (strcmp($2, "yes")==0);
1885 free($2);
1886 }
1887 ;
1888 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1889 {
1890 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1891 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1892 yyerror("expected yes or no.");
1893 else cfg_parser->cfg->harden_referral_path =
1894 (strcmp($2, "yes")==0);
1895 free($2);
1896 }
1897 ;
1898 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1899 {
1900 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1901 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1902 yyerror("expected yes or no.");
1903 else cfg_parser->cfg->harden_algo_downgrade =
1904 (strcmp($2, "yes")==0);
1905 free($2);
1906 }
1907 ;
1908 server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG
1909 {
1910 OUTYY(("P(server_harden_unknown_additional:%s)\n", $2));
1911 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1912 yyerror("expected yes or no.");
1913 else cfg_parser->cfg->harden_unknown_additional =
1914 (strcmp($2, "yes")==0);
1915 free($2);
1916 }
1917 ;
1918 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1919 {
1920 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1921 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1922 yyerror("expected yes or no.");
1923 else cfg_parser->cfg->use_caps_bits_for_id =
1924 (strcmp($2, "yes")==0);
1925 free($2);
1926 }
1927 ;
1928 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1929 {
1930 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1931 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1932 yyerror("out of memory");
1933 }
1934 ;
1935 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1936 {
1937 OUTYY(("P(server_private_address:%s)\n", $2));
1938 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1939 yyerror("out of memory");
1940 }
1941 ;
1942 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1943 {
1944 OUTYY(("P(server_private_domain:%s)\n", $2));
1945 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1946 yyerror("out of memory");
1947 }
1948 ;
1949 server_prefetch: VAR_PREFETCH STRING_ARG
1950 {
1951 OUTYY(("P(server_prefetch:%s)\n", $2));
1952 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1953 yyerror("expected yes or no.");
1954 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1955 free($2);
1956 }
1957 ;
1958 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1959 {
1960 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1961 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1962 yyerror("expected yes or no.");
1963 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1964 free($2);
1965 }
1966 ;
1967 server_deny_any: VAR_DENY_ANY STRING_ARG
1968 {
1969 OUTYY(("P(server_deny_any:%s)\n", $2));
1970 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1971 yyerror("expected yes or no.");
1972 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1973 free($2);
1974 }
1975 ;
1976 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1977 {
1978 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1979 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1980 yyerror("number expected");
1981 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1982 free($2);
1983 }
1984 ;
1985 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1986 {
1987 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1988 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1989 yyerror("out of memory");
1990 }
1991 ;
1992 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1993 {
1994 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1995 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1996 yyerror("expected yes or no.");
1997 else cfg_parser->cfg->donotquery_localhost =
1998 (strcmp($2, "yes")==0);
1999 free($2);
2000 }
2001 ;
2002 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
2003 {
2004 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
2005 validate_acl_action($3);
2006 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
2007 fatal_exit("out of memory adding acl");
2008 }
2009 ;
2010 server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG
2011 {
2012 OUTYY(("P(server_interface_action:%s %s)\n", $2, $3));
2013 validate_acl_action($3);
2014 if(!cfg_str2list_insert(
2015 &cfg_parser->cfg->interface_actions, $2, $3))
2016 fatal_exit("out of memory adding acl");
2017 }
2018 ;
2019 server_module_conf: VAR_MODULE_CONF STRING_ARG
2020 {
2021 OUTYY(("P(server_module_conf:%s)\n", $2));
2022 free(cfg_parser->cfg->module_conf);
2023 cfg_parser->cfg->module_conf = $2;
2024 }
2025 ;
2026 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
2027 {
2028 OUTYY(("P(server_val_override_date:%s)\n", $2));
2029 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2030 cfg_parser->cfg->val_date_override = 0;
2031 } else if(strlen($2) == 14) {
2032 cfg_parser->cfg->val_date_override =
2033 cfg_convert_timeval($2);
2034 if(!cfg_parser->cfg->val_date_override)
2035 yyerror("bad date/time specification");
2036 } else {
2037 if(atoi($2) == 0)
2038 yyerror("number expected");
2039 cfg_parser->cfg->val_date_override = atoi($2);
2040 }
2041 free($2);
2042 }
2043 ;
2044 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
2045 {
2046 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
2047 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2048 cfg_parser->cfg->val_sig_skew_min = 0;
2049 } else {
2050 cfg_parser->cfg->val_sig_skew_min = atoi($2);
2051 if(!cfg_parser->cfg->val_sig_skew_min)
2052 yyerror("number expected");
2053 }
2054 free($2);
2055 }
2056 ;
2057 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
2058 {
2059 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
2060 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2061 cfg_parser->cfg->val_sig_skew_max = 0;
2062 } else {
2063 cfg_parser->cfg->val_sig_skew_max = atoi($2);
2064 if(!cfg_parser->cfg->val_sig_skew_max)
2065 yyerror("number expected");
2066 }
2067 free($2);
2068 }
2069 ;
2070 server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
2071 {
2072 OUTYY(("P(server_val_max_restart:%s)\n", $2));
2073 if(*$2 == '\0' || strcmp($2, "0") == 0) {
2074 cfg_parser->cfg->val_max_restart = 0;
2075 } else {
2076 cfg_parser->cfg->val_max_restart = atoi($2);
2077 if(!cfg_parser->cfg->val_max_restart)
2078 yyerror("number expected");
2079 }
2080 free($2);
2081 }
2082 ;
2083 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
2084 {
2085 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
2086 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2087 yyerror("number expected");
2088 else cfg_parser->cfg->max_ttl = atoi($2);
2089 free($2);
2090 }
2091 ;
2092 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
2093 {
2094 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
2095 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2096 yyerror("number expected");
2097 else cfg_parser->cfg->max_negative_ttl = atoi($2);
2098 free($2);
2099 }
2100 ;
2101 server_cache_min_negative_ttl: VAR_CACHE_MIN_NEGATIVE_TTL STRING_ARG
2102 {
2103 OUTYY(("P(server_cache_min_negative_ttl:%s)\n", $2));
2104 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2105 yyerror("number expected");
2106 else cfg_parser->cfg->min_negative_ttl = atoi($2);
2107 free($2);
2108 }
2109 ;
2110 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
2111 {
2112 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
2113 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2114 yyerror("number expected");
2115 else cfg_parser->cfg->min_ttl = atoi($2);
2116 free($2);
2117 }
2118 ;
2119 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
2120 {
2121 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
2122 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2123 yyerror("number expected");
2124 else cfg_parser->cfg->bogus_ttl = atoi($2);
2125 free($2);
2126 }
2127 ;
2128 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
2129 {
2130 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
2131 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2132 yyerror("expected yes or no.");
2133 else cfg_parser->cfg->val_clean_additional =
2134 (strcmp($2, "yes")==0);
2135 free($2);
2136 }
2137 ;
2138 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
2139 {
2140 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
2141 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2142 yyerror("expected yes or no.");
2143 else cfg_parser->cfg->val_permissive_mode =
2144 (strcmp($2, "yes")==0);
2145 free($2);
2146 }
2147 ;
2148 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
2149 {
2150 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
2151 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2152 yyerror("expected yes or no.");
2153 else
2154 cfg_parser->cfg->aggressive_nsec =
2155 (strcmp($2, "yes")==0);
2156 free($2);
2157 }
2158 ;
2159 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
2160 {
2161 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
2162 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2163 yyerror("expected yes or no.");
2164 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
2165 free($2);
2166 }
2167 ;
2168 server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG
2169 {
2170 OUTYY(("P(server_disable_edns_do:%s)\n", $2));
2171 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2172 yyerror("expected yes or no.");
2173 else cfg_parser->cfg->disable_edns_do = (strcmp($2, "yes")==0);
2174 free($2);
2175 }
2176 ;
2177 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
2178 {
2179 OUTYY(("P(server_serve_expired:%s)\n", $2));
2180 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2181 yyerror("expected yes or no.");
2182 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
2183 free($2);
2184 }
2185 ;
2186 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
2187 {
2188 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
2189 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2190 yyerror("number expected");
2191 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
2192 free($2);
2193 }
2194 ;
2195 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
2196 {
2197 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
2198 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2199 yyerror("expected yes or no.");
2200 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
2201 free($2);
2202 }
2203 ;
2204 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
2205 {
2206 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
2207 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2208 yyerror("number expected");
2209 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
2210 free($2);
2211 }
2212 ;
2213 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
2214 {
2215 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
2216 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2217 yyerror("number expected");
2218 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
2219 free($2);
2220 }
2221 ;
2222 server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG
2223 {
2224 OUTYY(("P(server_ede_serve_expired:%s)\n", $2));
2225 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2226 yyerror("expected yes or no.");
2227 else cfg_parser->cfg->ede_serve_expired = (strcmp($2, "yes")==0);
2228 free($2);
2229 }
2230 ;
2231 server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG
2232 {
2233 OUTYY(("P(server_serve_original_ttl:%s)\n", $2));
2234 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2235 yyerror("expected yes or no.");
2236 else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0);
2237 free($2);
2238 }
2239 ;
2240 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
2241 {
2242 OUTYY(("P(server_fake_dsa:%s)\n", $2));
2243 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2244 yyerror("expected yes or no.");
2245 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2246 else fake_dsa = (strcmp($2, "yes")==0);
2247 if(fake_dsa)
2248 log_warn("test option fake_dsa is enabled");
2249 #endif
2250 free($2);
2251 }
2252 ;
2253 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
2254 {
2255 OUTYY(("P(server_fake_sha1:%s)\n", $2));
2256 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2257 yyerror("expected yes or no.");
2258 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
2259 else fake_sha1 = (strcmp($2, "yes")==0);
2260 if(fake_sha1)
2261 log_warn("test option fake_sha1 is enabled");
2262 #endif
2263 free($2);
2264 }
2265 ;
2266 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
2267 {
2268 OUTYY(("P(server_val_log_level:%s)\n", $2));
2269 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2270 yyerror("number expected");
2271 else cfg_parser->cfg->val_log_level = atoi($2);
2272 free($2);
2273 }
2274 ;
2275 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
2276 {
2277 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
2278 free(cfg_parser->cfg->val_nsec3_key_iterations);
2279 cfg_parser->cfg->val_nsec3_key_iterations = $2;
2280 }
2281 ;
2282 server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG
2283 {
2284 OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));
2285 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2286 yyerror("expected yes or no.");
2287 else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);
2288 free($2);
2289 }
2290 ;
2291 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
2292 {
2293 OUTYY(("P(server_add_holddown:%s)\n", $2));
2294 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2295 yyerror("number expected");
2296 else cfg_parser->cfg->add_holddown = atoi($2);
2297 free($2);
2298 }
2299 ;
2300 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
2301 {
2302 OUTYY(("P(server_del_holddown:%s)\n", $2));
2303 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2304 yyerror("number expected");
2305 else cfg_parser->cfg->del_holddown = atoi($2);
2306 free($2);
2307 }
2308 ;
2309 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
2310 {
2311 OUTYY(("P(server_keep_missing:%s)\n", $2));
2312 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2313 yyerror("number expected");
2314 else cfg_parser->cfg->keep_missing = atoi($2);
2315 free($2);
2316 }
2317 ;
2318 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
2319 {
2320 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
2321 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2322 yyerror("expected yes or no.");
2323 else cfg_parser->cfg->permit_small_holddown =
2324 (strcmp($2, "yes")==0);
2325 free($2);
2326 }
2327 ;
2328 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
2329 {
2330 OUTYY(("P(server_key_cache_size:%s)\n", $2));
2331 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
2332 yyerror("memory size expected");
2333 free($2);
2334 }
2335 ;
2336 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
2337 {
2338 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
2339 if(atoi($2) == 0) {
2340 yyerror("number expected");
2341 } else {
2342 cfg_parser->cfg->key_cache_slabs = atoi($2);
2343 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
2344 yyerror("must be a power of 2");
2345 }
2346 free($2);
2347 }
2348 ;
2349 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
2350 {
2351 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
2352 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
2353 yyerror("memory size expected");
2354 free($2);
2355 }
2356 ;
2357 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2358 {
2359 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
2360 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2361 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2362 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2363 && strcmp($3, "typetransparent")!=0
2364 && strcmp($3, "always_transparent")!=0
2365 && strcmp($3, "block_a")!=0
2366 && strcmp($3, "always_refuse")!=0
2367 && strcmp($3, "always_nxdomain")!=0
2368 && strcmp($3, "always_nodata")!=0
2369 && strcmp($3, "always_deny")!=0
2370 && strcmp($3, "always_null")!=0
2371 && strcmp($3, "noview")!=0
2372 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
2373 && strcmp($3, "inform_redirect") != 0
2374 && strcmp($3, "ipset") != 0) {
2375 yyerror("local-zone type: expected static, deny, "
2376 "refuse, redirect, transparent, "
2377 "typetransparent, inform, inform_deny, "
2378 "inform_redirect, always_transparent, block_a,"
2379 "always_refuse, always_nxdomain, "
2380 "always_nodata, always_deny, always_null, "
2381 "noview, nodefault or ipset");
2382 free($2);
2383 free($3);
2384 } else if(strcmp($3, "nodefault")==0) {
2385 if(!cfg_strlist_insert(&cfg_parser->cfg->
2386 local_zones_nodefault, $2))
2387 fatal_exit("out of memory adding local-zone");
2388 free($3);
2389 #ifdef USE_IPSET
2390 } else if(strcmp($3, "ipset")==0) {
2391 size_t len = strlen($2);
2392 /* Make sure to add the trailing dot.
2393 * These are str compared to domain names. */
2394 if($2[len-1] != '.') {
2395 if(!($2 = realloc($2, len+2))) {
2396 fatal_exit("out of memory adding local-zone");
2397 }
2398 $2[len] = '.';
2399 $2[len+1] = 0;
2400 }
2401 if(!cfg_strlist_insert(&cfg_parser->cfg->
2402 local_zones_ipset, $2))
2403 fatal_exit("out of memory adding local-zone");
2404 free($3);
2405 #endif
2406 } else {
2407 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
2408 $2, $3))
2409 fatal_exit("out of memory adding local-zone");
2410 }
2411 }
2412 ;
2413 server_local_data: VAR_LOCAL_DATA STRING_ARG
2414 {
2415 OUTYY(("P(server_local_data:%s)\n", $2));
2416 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
2417 fatal_exit("out of memory adding local-data");
2418 }
2419 ;
2420 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2421 {
2422 char* ptr;
2423 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
2424 ptr = cfg_ptr_reverse($2);
2425 free($2);
2426 if(ptr) {
2427 if(!cfg_strlist_insert(&cfg_parser->cfg->
2428 local_data, ptr))
2429 fatal_exit("out of memory adding local-data");
2430 } else {
2431 yyerror("local-data-ptr could not be reversed");
2432 }
2433 }
2434 ;
2435 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
2436 {
2437 OUTYY(("P(server_minimal_responses:%s)\n", $2));
2438 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2439 yyerror("expected yes or no.");
2440 else cfg_parser->cfg->minimal_responses =
2441 (strcmp($2, "yes")==0);
2442 free($2);
2443 }
2444 ;
2445 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
2446 {
2447 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
2448 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2449 yyerror("expected yes or no.");
2450 else cfg_parser->cfg->rrset_roundrobin =
2451 (strcmp($2, "yes")==0);
2452 free($2);
2453 }
2454 ;
2455 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
2456 {
2457 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
2458 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
2459 free($2);
2460 }
2461 ;
2462 server_discard_timeout: VAR_DISCARD_TIMEOUT STRING_ARG
2463 {
2464 OUTYY(("P(server_discard_timeout:%s)\n", $2));
2465 cfg_parser->cfg->discard_timeout = atoi($2);
2466 free($2);
2467 }
2468 ;
2469 server_wait_limit: VAR_WAIT_LIMIT STRING_ARG
2470 {
2471 OUTYY(("P(server_wait_limit:%s)\n", $2));
2472 cfg_parser->cfg->wait_limit = atoi($2);
2473 free($2);
2474 }
2475 ;
2476 server_wait_limit_cookie: VAR_WAIT_LIMIT_COOKIE STRING_ARG
2477 {
2478 OUTYY(("P(server_wait_limit_cookie:%s)\n", $2));
2479 cfg_parser->cfg->wait_limit_cookie = atoi($2);
2480 free($2);
2481 }
2482 ;
2483 server_wait_limit_netblock: VAR_WAIT_LIMIT_NETBLOCK STRING_ARG STRING_ARG
2484 {
2485 OUTYY(("P(server_wait_limit_netblock:%s %s)\n", $2, $3));
2486 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2487 yyerror("number expected");
2488 free($2);
2489 free($3);
2490 } else {
2491 if(!cfg_str2list_insert(&cfg_parser->cfg->
2492 wait_limit_netblock, $2, $3))
2493 fatal_exit("out of memory adding "
2494 "wait-limit-netblock");
2495 }
2496 }
2497 ;
2498 server_wait_limit_cookie_netblock: VAR_WAIT_LIMIT_COOKIE_NETBLOCK STRING_ARG STRING_ARG
2499 {
2500 OUTYY(("P(server_wait_limit_cookie_netblock:%s %s)\n", $2, $3));
2501 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2502 yyerror("number expected");
2503 free($2);
2504 free($3);
2505 } else {
2506 if(!cfg_str2list_insert(&cfg_parser->cfg->
2507 wait_limit_cookie_netblock, $2, $3))
2508 fatal_exit("out of memory adding "
2509 "wait-limit-cookie-netblock");
2510 }
2511 }
2512 ;
2513 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
2514 {
2515 OUTYY(("P(server_max_udp_size:%s)\n", $2));
2516 cfg_parser->cfg->max_udp_size = atoi($2);
2517 free($2);
2518 }
2519 ;
2520 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
2521 {
2522 OUTYY(("P(dns64_prefix:%s)\n", $2));
2523 free(cfg_parser->cfg->dns64_prefix);
2524 cfg_parser->cfg->dns64_prefix = $2;
2525 }
2526 ;
2527 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
2528 {
2529 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
2530 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2531 yyerror("expected yes or no.");
2532 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2533 free($2);
2534 }
2535 ;
2536 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2537 {
2538 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2539 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2540 $2))
2541 fatal_exit("out of memory adding dns64-ignore-aaaa");
2542 }
2543 ;
2544 server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG
2545 {
2546 OUTYY(("P(nat64_prefix:%s)\n", $2));
2547 free(cfg_parser->cfg->nat64_prefix);
2548 cfg_parser->cfg->nat64_prefix = $2;
2549 }
2550 ;
2551 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2552 {
2553 char* p, *s = $2;
2554 OUTYY(("P(server_define_tag:%s)\n", $2));
2555 while((p=strsep(&s, " \t\n")) != NULL) {
2556 if(*p) {
2557 if(!config_add_tag(cfg_parser->cfg, p))
2558 yyerror("could not define-tag, "
2559 "out of memory");
2560 }
2561 }
2562 free($2);
2563 }
2564 ;
2565 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2566 {
2567 size_t len = 0;
2568 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2569 &len);
2570 free($3);
2571 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2572 if(!bitlist) {
2573 yyerror("could not parse tags, (define-tag them first)");
2574 free($2);
2575 }
2576 if(bitlist) {
2577 if(!cfg_strbytelist_insert(
2578 &cfg_parser->cfg->local_zone_tags,
2579 $2, bitlist, len)) {
2580 yyerror("out of memory");
2581 free($2);
2582 }
2583 }
2584 }
2585 ;
2586 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2587 {
2588 size_t len = 0;
2589 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2590 &len);
2591 free($3);
2592 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2593 if(!bitlist) {
2594 yyerror("could not parse tags, (define-tag them first)");
2595 free($2);
2596 }
2597 if(bitlist) {
2598 if(!cfg_strbytelist_insert(
2599 &cfg_parser->cfg->acl_tags,
2600 $2, bitlist, len)) {
2601 yyerror("out of memory");
2602 free($2);
2603 }
2604 }
2605 }
2606 ;
2607 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2608 {
2609 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2610 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2611 $2, $3, $4)) {
2612 yyerror("out of memory");
2613 free($2);
2614 free($3);
2615 free($4);
2616 }
2617 }
2618 ;
2619 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2620 {
2621 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2622 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2623 $2, $3, $4)) {
2624 yyerror("out of memory");
2625 free($2);
2626 free($3);
2627 free($4);
2628 }
2629 }
2630 ;
2631 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2632 {
2633 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2634 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2635 $2, $3, $4)) {
2636 yyerror("out of memory");
2637 free($2);
2638 free($3);
2639 free($4);
2640 }
2641 }
2642 ;
2643 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2644 {
2645 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2646 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2647 $2, $3)) {
2648 yyerror("out of memory");
2649 }
2650 }
2651 ;
2652 server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG
2653 {
2654 size_t len = 0;
2655 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2656 &len);
2657 free($3);
2658 OUTYY(("P(server_interface_tag:%s)\n", $2));
2659 if(!bitlist) {
2660 yyerror("could not parse tags, (define-tag them first)");
2661 free($2);
2662 }
2663 if(bitlist) {
2664 if(!cfg_strbytelist_insert(
2665 &cfg_parser->cfg->interface_tags,
2666 $2, bitlist, len)) {
2667 yyerror("out of memory");
2668 free($2);
2669 }
2670 }
2671 }
2672 ;
2673 server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2674 {
2675 OUTYY(("P(server_interface_tag_action:%s %s %s)\n", $2, $3, $4));
2676 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
2677 $2, $3, $4)) {
2678 yyerror("out of memory");
2679 free($2);
2680 free($3);
2681 free($4);
2682 }
2683 }
2684 ;
2685 server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2686 {
2687 OUTYY(("P(server_interface_tag_data:%s %s %s)\n", $2, $3, $4));
2688 if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
2689 $2, $3, $4)) {
2690 yyerror("out of memory");
2691 free($2);
2692 free($3);
2693 free($4);
2694 }
2695 }
2696 ;
2697 server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG
2698 {
2699 OUTYY(("P(server_interface_view:%s %s)\n", $2, $3));
2700 if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
2701 $2, $3)) {
2702 yyerror("out of memory");
2703 }
2704 }
2705 ;
2706 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2707 {
2708 size_t len = 0;
2709 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2710 &len);
2711 free($3);
2712 OUTYY(("P(response_ip_tag:%s)\n", $2));
2713 if(!bitlist) {
2714 yyerror("could not parse tags, (define-tag them first)");
2715 free($2);
2716 }
2717 if(bitlist) {
2718 if(!cfg_strbytelist_insert(
2719 &cfg_parser->cfg->respip_tags,
2720 $2, bitlist, len)) {
2721 yyerror("out of memory");
2722 free($2);
2723 }
2724 }
2725 }
2726 ;
2727 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2728 {
2729 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2730 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2731 yyerror("number expected");
2732 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2733 free($2);
2734 }
2735 ;
2736 server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG
2737 {
2738 OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2));
2739 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2740 yyerror("number expected");
2741 else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2);
2742 free($2);
2743 }
2744 ;
2745 server_ratelimit: VAR_RATELIMIT STRING_ARG
2746 {
2747 OUTYY(("P(server_ratelimit:%s)\n", $2));
2748 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2749 yyerror("number expected");
2750 else cfg_parser->cfg->ratelimit = atoi($2);
2751 free($2);
2752 }
2753 ;
2754 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2755 {
2756 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2757 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2758 yyerror("memory size expected");
2759 free($2);
2760 }
2761 ;
2762 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2763 {
2764 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2765 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2766 yyerror("memory size expected");
2767 free($2);
2768 }
2769 ;
2770 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2771 {
2772 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2773 if(atoi($2) == 0) {
2774 yyerror("number expected");
2775 } else {
2776 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2777 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2778 yyerror("must be a power of 2");
2779 }
2780 free($2);
2781 }
2782 ;
2783 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2784 {
2785 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2786 if(atoi($2) == 0) {
2787 yyerror("number expected");
2788 } else {
2789 cfg_parser->cfg->ratelimit_slabs = atoi($2);
2790 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2791 yyerror("must be a power of 2");
2792 }
2793 free($2);
2794 }
2795 ;
2796 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2797 {
2798 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2799 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2800 yyerror("number expected");
2801 free($2);
2802 free($3);
2803 } else {
2804 if(!cfg_str2list_insert(&cfg_parser->cfg->
2805 ratelimit_for_domain, $2, $3))
2806 fatal_exit("out of memory adding "
2807 "ratelimit-for-domain");
2808 }
2809 }
2810 ;
2811 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2812 {
2813 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2814 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2815 yyerror("number expected");
2816 free($2);
2817 free($3);
2818 } else {
2819 if(!cfg_str2list_insert(&cfg_parser->cfg->
2820 ratelimit_below_domain, $2, $3))
2821 fatal_exit("out of memory adding "
2822 "ratelimit-below-domain");
2823 }
2824 }
2825 ;
2826 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2827 {
2828 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2829 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2830 yyerror("number expected");
2831 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2832 free($2);
2833 }
2834 ;
2835 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2836 {
2837 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2838 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2839 yyerror("number expected");
2840 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2841 free($2);
2842 }
2843 ;
2844 server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG
2845 {
2846 OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", $2));
2847 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2848 yyerror("expected yes or no.");
2849 else cfg_parser->cfg->ip_ratelimit_backoff =
2850 (strcmp($2, "yes")==0);
2851 free($2);
2852 }
2853 ;
2854 server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG
2855 {
2856 OUTYY(("P(server_ratelimit_backoff:%s)\n", $2));
2857 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2858 yyerror("expected yes or no.");
2859 else cfg_parser->cfg->ratelimit_backoff =
2860 (strcmp($2, "yes")==0);
2861 free($2);
2862 }
2863 ;
2864 server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
2865 {
2866 OUTYY(("P(server_outbound_msg_retry:%s)\n", $2));
2867 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2868 yyerror("number expected");
2869 else cfg_parser->cfg->outbound_msg_retry = atoi($2);
2870 free($2);
2871 }
2872 ;
2873 server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
2874 {
2875 OUTYY(("P(server_max_sent_count:%s)\n", $2));
2876 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2877 yyerror("number expected");
2878 else cfg_parser->cfg->max_sent_count = atoi($2);
2879 free($2);
2880 }
2881 ;
2882 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2883 {
2884 OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2885 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2886 yyerror("number expected");
2887 else cfg_parser->cfg->max_query_restarts = atoi($2);
2888 free($2);
2889 }
2890 ;
2891 server_low_rtt: VAR_LOW_RTT STRING_ARG
2892 {
2893 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2894 free($2);
2895 }
2896 ;
2897 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2898 {
2899 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2900 if(atoi($2) <= 0)
2901 yyerror("number expected");
2902 else cfg_parser->cfg->fast_server_num = atoi($2);
2903 free($2);
2904 }
2905 ;
2906 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2907 {
2908 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2909 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2910 yyerror("number expected");
2911 else cfg_parser->cfg->fast_server_permil = atoi($2);
2912 free($2);
2913 }
2914 ;
2915 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2916 {
2917 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2918 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2919 yyerror("expected yes or no.");
2920 else cfg_parser->cfg->qname_minimisation =
2921 (strcmp($2, "yes")==0);
2922 free($2);
2923 }
2924 ;
2925 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2926 {
2927 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2928 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2929 yyerror("expected yes or no.");
2930 else cfg_parser->cfg->qname_minimisation_strict =
2931 (strcmp($2, "yes")==0);
2932 free($2);
2933 }
2934 ;
2935 server_pad_responses: VAR_PAD_RESPONSES STRING_ARG
2936 {
2937 OUTYY(("P(server_pad_responses:%s)\n", $2));
2938 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2939 yyerror("expected yes or no.");
2940 else cfg_parser->cfg->pad_responses =
2941 (strcmp($2, "yes")==0);
2942 free($2);
2943 }
2944 ;
2945 server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG
2946 {
2947 OUTYY(("P(server_pad_responses_block_size:%s)\n", $2));
2948 if(atoi($2) == 0)
2949 yyerror("number expected");
2950 else cfg_parser->cfg->pad_responses_block_size = atoi($2);
2951 free($2);
2952 }
2953 ;
2954 server_pad_queries: VAR_PAD_QUERIES STRING_ARG
2955 {
2956 OUTYY(("P(server_pad_queries:%s)\n", $2));
2957 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2958 yyerror("expected yes or no.");
2959 else cfg_parser->cfg->pad_queries =
2960 (strcmp($2, "yes")==0);
2961 free($2);
2962 }
2963 ;
2964 server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG
2965 {
2966 OUTYY(("P(server_pad_queries_block_size:%s)\n", $2));
2967 if(atoi($2) == 0)
2968 yyerror("number expected");
2969 else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2970 free($2);
2971 }
2972 ;
2973 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2974 {
2975 #ifdef USE_IPSECMOD
2976 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2977 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2978 yyerror("expected yes or no.");
2979 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2980 #else
2981 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2982 #endif
2983 free($2);
2984 }
2985 ;
2986 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2987 {
2988 #ifdef USE_IPSECMOD
2989 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2990 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2991 yyerror("expected yes or no.");
2992 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2993 #else
2994 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2995 #endif
2996 free($2);
2997 }
2998 ;
2999 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
3000 {
3001 #ifdef USE_IPSECMOD
3002 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
3003 free(cfg_parser->cfg->ipsecmod_hook);
3004 cfg_parser->cfg->ipsecmod_hook = $2;
3005 #else
3006 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3007 free($2);
3008 #endif
3009 }
3010 ;
3011 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
3012 {
3013 #ifdef USE_IPSECMOD
3014 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
3015 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3016 yyerror("number expected");
3017 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
3018 free($2);
3019 #else
3020 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3021 free($2);
3022 #endif
3023 }
3024 ;
3025 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
3026 {
3027 #ifdef USE_IPSECMOD
3028 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
3029 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
3030 yyerror("out of memory");
3031 #else
3032 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3033 free($2);
3034 #endif
3035 }
3036 ;
3037 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
3038 {
3039 #ifdef USE_IPSECMOD
3040 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
3041 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3042 yyerror("expected yes or no.");
3043 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
3044 free($2);
3045 #else
3046 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
3047 free($2);
3048 #endif
3049 }
3050 ;
3051 server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
3052 {
3053 OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
3054 if(!cfg_str2list_insert(
3055 &cfg_parser->cfg->edns_client_strings, $2, $3))
3056 fatal_exit("out of memory adding "
3057 "edns-client-string");
3058 }
3059 ;
3060 server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
3061 {
3062 OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
3063 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3064 yyerror("option code expected");
3065 else if(atoi($2) > 65535 || atoi($2) < 0)
3066 yyerror("option code must be in interval [0, 65535]");
3067 else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
3068 free($2);
3069 }
3070 ;
3071 server_ede: VAR_EDE STRING_ARG
3072 {
3073 OUTYY(("P(server_ede:%s)\n", $2));
3074 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3075 yyerror("expected yes or no.");
3076 else cfg_parser->cfg->ede = (strcmp($2, "yes")==0);
3077 free($2);
3078 }
3079 ;
3080 server_dns_error_reporting: VAR_DNS_ERROR_REPORTING STRING_ARG
3081 {
3082 OUTYY(("P(server_dns_error_reporting:%s)\n", $2));
3083 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3084 yyerror("expected yes or no.");
3085 else cfg_parser->cfg->dns_error_reporting = (strcmp($2, "yes")==0);
3086 free($2);
3087 }
3088 ;
3089 server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG
3090 {
3091 OUTYY(("P(server_proxy_protocol_port:%s)\n", $2));
3092 if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, $2))
3093 yyerror("out of memory");
3094 }
3095 ;
3096 stub_name: VAR_NAME STRING_ARG
3097 {
3098 OUTYY(("P(name:%s)\n", $2));
3099 if(cfg_parser->cfg->stubs->name)
3100 yyerror("stub name override, there must be one name "
3101 "for one stub-zone");
3102 free(cfg_parser->cfg->stubs->name);
3103 cfg_parser->cfg->stubs->name = $2;
3104 }
3105 ;
3106 stub_host: VAR_STUB_HOST STRING_ARG
3107 {
3108 OUTYY(("P(stub-host:%s)\n", $2));
3109 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
3110 yyerror("out of memory");
3111 }
3112 ;
3113 stub_addr: VAR_STUB_ADDR STRING_ARG
3114 {
3115 OUTYY(("P(stub-addr:%s)\n", $2));
3116 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
3117 yyerror("out of memory");
3118 }
3119 ;
3120 stub_first: VAR_STUB_FIRST STRING_ARG
3121 {
3122 OUTYY(("P(stub-first:%s)\n", $2));
3123 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3124 yyerror("expected yes or no.");
3125 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
3126 free($2);
3127 }
3128 ;
3129 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
3130 {
3131 OUTYY(("P(stub-no-cache:%s)\n", $2));
3132 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3133 yyerror("expected yes or no.");
3134 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
3135 free($2);
3136 }
3137 ;
3138 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
3139 {
3140 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
3141 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3142 yyerror("expected yes or no.");
3143 else cfg_parser->cfg->stubs->ssl_upstream =
3144 (strcmp($2, "yes")==0);
3145 free($2);
3146 }
3147 ;
3148 stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG
3149 {
3150 OUTYY(("P(stub-tcp-upstream:%s)\n", $2));
3151 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3152 yyerror("expected yes or no.");
3153 else cfg_parser->cfg->stubs->tcp_upstream =
3154 (strcmp($2, "yes")==0);
3155 free($2);
3156 }
3157 ;
3158 stub_prime: VAR_STUB_PRIME STRING_ARG
3159 {
3160 OUTYY(("P(stub-prime:%s)\n", $2));
3161 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3162 yyerror("expected yes or no.");
3163 else cfg_parser->cfg->stubs->isprime =
3164 (strcmp($2, "yes")==0);
3165 free($2);
3166 }
3167 ;
3168 forward_name: VAR_NAME STRING_ARG
3169 {
3170 OUTYY(("P(name:%s)\n", $2));
3171 if(cfg_parser->cfg->forwards->name)
3172 yyerror("forward name override, there must be one "
3173 "name for one forward-zone");
3174 free(cfg_parser->cfg->forwards->name);
3175 cfg_parser->cfg->forwards->name = $2;
3176 }
3177 ;
3178 forward_host: VAR_FORWARD_HOST STRING_ARG
3179 {
3180 OUTYY(("P(forward-host:%s)\n", $2));
3181 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
3182 yyerror("out of memory");
3183 }
3184 ;
3185 forward_addr: VAR_FORWARD_ADDR STRING_ARG
3186 {
3187 OUTYY(("P(forward-addr:%s)\n", $2));
3188 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
3189 yyerror("out of memory");
3190 }
3191 ;
3192 forward_first: VAR_FORWARD_FIRST STRING_ARG
3193 {
3194 OUTYY(("P(forward-first:%s)\n", $2));
3195 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3196 yyerror("expected yes or no.");
3197 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
3198 free($2);
3199 }
3200 ;
3201 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
3202 {
3203 OUTYY(("P(forward-no-cache:%s)\n", $2));
3204 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3205 yyerror("expected yes or no.");
3206 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
3207 free($2);
3208 }
3209 ;
3210 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
3211 {
3212 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
3213 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3214 yyerror("expected yes or no.");
3215 else cfg_parser->cfg->forwards->ssl_upstream =
3216 (strcmp($2, "yes")==0);
3217 free($2);
3218 }
3219 ;
3220 forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG
3221 {
3222 OUTYY(("P(forward-tcp-upstream:%s)\n", $2));
3223 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3224 yyerror("expected yes or no.");
3225 else cfg_parser->cfg->forwards->tcp_upstream =
3226 (strcmp($2, "yes")==0);
3227 free($2);
3228 }
3229 ;
3230 auth_name: VAR_NAME STRING_ARG
3231 {
3232 OUTYY(("P(name:%s)\n", $2));
3233 if(cfg_parser->cfg->auths->name)
3234 yyerror("auth name override, there must be one name "
3235 "for one auth-zone");
3236 free(cfg_parser->cfg->auths->name);
3237 cfg_parser->cfg->auths->name = $2;
3238 }
3239 ;
3240 auth_zonefile: VAR_ZONEFILE STRING_ARG
3241 {
3242 OUTYY(("P(zonefile:%s)\n", $2));
3243 free(cfg_parser->cfg->auths->zonefile);
3244 cfg_parser->cfg->auths->zonefile = $2;
3245 }
3246 ;
3247 auth_master: VAR_MASTER STRING_ARG
3248 {
3249 OUTYY(("P(master:%s)\n", $2));
3250 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
3251 yyerror("out of memory");
3252 }
3253 ;
3254 auth_url: VAR_URL STRING_ARG
3255 {
3256 OUTYY(("P(url:%s)\n", $2));
3257 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
3258 yyerror("out of memory");
3259 }
3260 ;
3261 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
3262 {
3263 OUTYY(("P(allow-notify:%s)\n", $2));
3264 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
3265 $2))
3266 yyerror("out of memory");
3267 }
3268 ;
3269 auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG
3270 {
3271 OUTYY(("P(zonemd-check:%s)\n", $2));
3272 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3273 yyerror("expected yes or no.");
3274 else cfg_parser->cfg->auths->zonemd_check =
3275 (strcmp($2, "yes")==0);
3276 free($2);
3277 }
3278 ;
3279 auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG
3280 {
3281 OUTYY(("P(zonemd-reject-absence:%s)\n", $2));
3282 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3283 yyerror("expected yes or no.");
3284 else cfg_parser->cfg->auths->zonemd_reject_absence =
3285 (strcmp($2, "yes")==0);
3286 free($2);
3287 }
3288 ;
3289 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
3290 {
3291 OUTYY(("P(for-downstream:%s)\n", $2));
3292 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3293 yyerror("expected yes or no.");
3294 else cfg_parser->cfg->auths->for_downstream =
3295 (strcmp($2, "yes")==0);
3296 free($2);
3297 }
3298 ;
3299 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
3300 {
3301 OUTYY(("P(for-upstream:%s)\n", $2));
3302 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3303 yyerror("expected yes or no.");
3304 else cfg_parser->cfg->auths->for_upstream =
3305 (strcmp($2, "yes")==0);
3306 free($2);
3307 }
3308 ;
3309 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
3310 {
3311 OUTYY(("P(fallback-enabled:%s)\n", $2));
3312 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3313 yyerror("expected yes or no.");
3314 else cfg_parser->cfg->auths->fallback_enabled =
3315 (strcmp($2, "yes")==0);
3316 free($2);
3317 }
3318 ;
3319 view_name: VAR_NAME STRING_ARG
3320 {
3321 OUTYY(("P(name:%s)\n", $2));
3322 if(cfg_parser->cfg->views->name)
3323 yyerror("view name override, there must be one "
3324 "name for one view");
3325 free(cfg_parser->cfg->views->name);
3326 cfg_parser->cfg->views->name = $2;
3327 }
3328 ;
3329 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
3330 {
3331 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
3332 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
3333 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
3334 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
3335 && strcmp($3, "typetransparent")!=0
3336 && strcmp($3, "always_transparent")!=0
3337 && strcmp($3, "always_refuse")!=0
3338 && strcmp($3, "always_nxdomain")!=0
3339 && strcmp($3, "always_nodata")!=0
3340 && strcmp($3, "always_deny")!=0
3341 && strcmp($3, "always_null")!=0
3342 && strcmp($3, "noview")!=0
3343 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
3344 && strcmp($3, "inform_redirect") != 0
3345 && strcmp($3, "ipset") != 0) {
3346 yyerror("local-zone type: expected static, deny, "
3347 "refuse, redirect, transparent, "
3348 "typetransparent, inform, inform_deny, "
3349 "inform_redirect, always_transparent, "
3350 "always_refuse, always_nxdomain, "
3351 "always_nodata, always_deny, always_null, "
3352 "noview, nodefault or ipset");
3353 free($2);
3354 free($3);
3355 } else if(strcmp($3, "nodefault")==0) {
3356 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3357 local_zones_nodefault, $2))
3358 fatal_exit("out of memory adding local-zone");
3359 free($3);
3360 #ifdef USE_IPSET
3361 } else if(strcmp($3, "ipset")==0) {
3362 size_t len = strlen($2);
3363 /* Make sure to add the trailing dot.
3364 * These are str compared to domain names. */
3365 if($2[len-1] != '.') {
3366 if(!($2 = realloc($2, len+2))) {
3367 fatal_exit("out of memory adding local-zone");
3368 }
3369 $2[len] = '.';
3370 $2[len+1] = 0;
3371 }
3372 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3373 local_zones_ipset, $2))
3374 fatal_exit("out of memory adding local-zone");
3375 free($3);
3376 #endif
3377 } else {
3378 if(!cfg_str2list_insert(
3379 &cfg_parser->cfg->views->local_zones,
3380 $2, $3))
3381 fatal_exit("out of memory adding local-zone");
3382 }
3383 }
3384 ;
3385 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3386 {
3387 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
3388 validate_respip_action($3);
3389 if(!cfg_str2list_insert(
3390 &cfg_parser->cfg->views->respip_actions, $2, $3))
3391 fatal_exit("out of memory adding per-view "
3392 "response-ip action");
3393 }
3394 ;
3395 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3396 {
3397 OUTYY(("P(view_response_ip_data:%s)\n", $2));
3398 if(!cfg_str2list_insert(
3399 &cfg_parser->cfg->views->respip_data, $2, $3))
3400 fatal_exit("out of memory adding response-ip-data");
3401 }
3402 ;
3403 view_local_data: VAR_LOCAL_DATA STRING_ARG
3404 {
3405 OUTYY(("P(view_local_data:%s)\n", $2));
3406 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
3407 fatal_exit("out of memory adding local-data");
3408 }
3409 }
3410 ;
3411 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
3412 {
3413 char* ptr;
3414 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
3415 ptr = cfg_ptr_reverse($2);
3416 free($2);
3417 if(ptr) {
3418 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
3419 local_data, ptr))
3420 fatal_exit("out of memory adding local-data");
3421 } else {
3422 yyerror("local-data-ptr could not be reversed");
3423 }
3424 }
3425 ;
3426 view_first: VAR_VIEW_FIRST STRING_ARG
3427 {
3428 OUTYY(("P(view-first:%s)\n", $2));
3429 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3430 yyerror("expected yes or no.");
3431 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
3432 free($2);
3433 }
3434 ;
3435 rcstart: VAR_REMOTE_CONTROL
3436 {
3437 OUTYY(("\nP(remote-control:)\n"));
3438 cfg_parser->started_toplevel = 1;
3439 }
3440 ;
3441 contents_rc: contents_rc content_rc
3442 | ;
3443 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
3444 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
3445 rc_control_cert_file | rc_control_use_cert
3446 ;
3447 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
3448 {
3449 OUTYY(("P(control_enable:%s)\n", $2));
3450 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3451 yyerror("expected yes or no.");
3452 else cfg_parser->cfg->remote_control_enable =
3453 (strcmp($2, "yes")==0);
3454 free($2);
3455 }
3456 ;
3457 rc_control_port: VAR_CONTROL_PORT STRING_ARG
3458 {
3459 OUTYY(("P(control_port:%s)\n", $2));
3460 if(atoi($2) == 0)
3461 yyerror("control port number expected");
3462 else cfg_parser->cfg->control_port = atoi($2);
3463 free($2);
3464 }
3465 ;
3466 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
3467 {
3468 OUTYY(("P(control_interface:%s)\n", $2));
3469 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
3470 yyerror("out of memory");
3471 }
3472 ;
3473 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
3474 {
3475 OUTYY(("P(control_use_cert:%s)\n", $2));
3476 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
3477 free($2);
3478 }
3479 ;
3480 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
3481 {
3482 OUTYY(("P(rc_server_key_file:%s)\n", $2));
3483 free(cfg_parser->cfg->server_key_file);
3484 cfg_parser->cfg->server_key_file = $2;
3485 }
3486 ;
3487 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
3488 {
3489 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
3490 free(cfg_parser->cfg->server_cert_file);
3491 cfg_parser->cfg->server_cert_file = $2;
3492 }
3493 ;
3494 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
3495 {
3496 OUTYY(("P(rc_control_key_file:%s)\n", $2));
3497 free(cfg_parser->cfg->control_key_file);
3498 cfg_parser->cfg->control_key_file = $2;
3499 }
3500 ;
3501 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
3502 {
3503 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
3504 free(cfg_parser->cfg->control_cert_file);
3505 cfg_parser->cfg->control_cert_file = $2;
3506 }
3507 ;
3508 dtstart: VAR_DNSTAP
3509 {
3510 OUTYY(("\nP(dnstap:)\n"));
3511 cfg_parser->started_toplevel = 1;
3512 }
3513 ;
3514 contents_dt: contents_dt content_dt
3515 | ;
3516 content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
3517 dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
3518 dt_dnstap_tls_cert_bundle |
3519 dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
3520 dt_dnstap_send_identity | dt_dnstap_send_version |
3521 dt_dnstap_identity | dt_dnstap_version |
3522 dt_dnstap_log_resolver_query_messages |
3523 dt_dnstap_log_resolver_response_messages |
3524 dt_dnstap_log_client_query_messages |
3525 dt_dnstap_log_client_response_messages |
3526 dt_dnstap_log_forwarder_query_messages |
3527 dt_dnstap_log_forwarder_response_messages |
3528 dt_dnstap_sample_rate
3529 ;
3530 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
3531 {
3532 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
3533 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3534 yyerror("expected yes or no.");
3535 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
3536 free($2);
3537 }
3538 ;
3539 dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
3540 {
3541 OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
3542 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3543 yyerror("expected yes or no.");
3544 else cfg_parser->cfg->dnstap_bidirectional =
3545 (strcmp($2, "yes")==0);
3546 free($2);
3547 }
3548 ;
3549 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
3550 {
3551 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
3552 free(cfg_parser->cfg->dnstap_socket_path);
3553 cfg_parser->cfg->dnstap_socket_path = $2;
3554 }
3555 ;
3556 dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG
3557 {
3558 OUTYY(("P(dt_dnstap_ip:%s)\n", $2));
3559 free(cfg_parser->cfg->dnstap_ip);
3560 cfg_parser->cfg->dnstap_ip = $2;
3561 }
3562 ;
3563 dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG
3564 {
3565 OUTYY(("P(dt_dnstap_tls:%s)\n", $2));
3566 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3567 yyerror("expected yes or no.");
3568 else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0);
3569 free($2);
3570 }
3571 ;
3572 dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG
3573 {
3574 OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2));
3575 free(cfg_parser->cfg->dnstap_tls_server_name);
3576 cfg_parser->cfg->dnstap_tls_server_name = $2;
3577 }
3578 ;
3579 dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG
3580 {
3581 OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2));
3582 free(cfg_parser->cfg->dnstap_tls_cert_bundle);
3583 cfg_parser->cfg->dnstap_tls_cert_bundle = $2;
3584 }
3585 ;
3586 dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG
3587 {
3588 OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2));
3589 free(cfg_parser->cfg->dnstap_tls_client_key_file);
3590 cfg_parser->cfg->dnstap_tls_client_key_file = $2;
3591 }
3592 ;
3593 dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG
3594 {
3595 OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2));
3596 free(cfg_parser->cfg->dnstap_tls_client_cert_file);
3597 cfg_parser->cfg->dnstap_tls_client_cert_file = $2;
3598 }
3599 ;
3600 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
3601 {
3602 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
3603 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3604 yyerror("expected yes or no.");
3605 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
3606 free($2);
3607 }
3608 ;
3609 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
3610 {
3611 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
3612 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3613 yyerror("expected yes or no.");
3614 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
3615 free($2);
3616 }
3617 ;
3618 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
3619 {
3620 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
3621 free(cfg_parser->cfg->dnstap_identity);
3622 cfg_parser->cfg->dnstap_identity = $2;
3623 }
3624 ;
3625 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
3626 {
3627 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
3628 free(cfg_parser->cfg->dnstap_version);
3629 cfg_parser->cfg->dnstap_version = $2;
3630 }
3631 ;
3632 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
3633 {
3634 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
3635 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3636 yyerror("expected yes or no.");
3637 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
3638 (strcmp($2, "yes")==0);
3639 free($2);
3640 }
3641 ;
3642 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
3643 {
3644 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
3645 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3646 yyerror("expected yes or no.");
3647 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
3648 (strcmp($2, "yes")==0);
3649 free($2);
3650 }
3651 ;
3652 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
3653 {
3654 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
3655 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3656 yyerror("expected yes or no.");
3657 else cfg_parser->cfg->dnstap_log_client_query_messages =
3658 (strcmp($2, "yes")==0);
3659 free($2);
3660 }
3661 ;
3662 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
3663 {
3664 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
3665 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3666 yyerror("expected yes or no.");
3667 else cfg_parser->cfg->dnstap_log_client_response_messages =
3668 (strcmp($2, "yes")==0);
3669 free($2);
3670 }
3671 ;
3672 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
3673 {
3674 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
3675 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3676 yyerror("expected yes or no.");
3677 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
3678 (strcmp($2, "yes")==0);
3679 free($2);
3680 }
3681 ;
3682 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
3683 {
3684 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
3685 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3686 yyerror("expected yes or no.");
3687 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
3688 (strcmp($2, "yes")==0);
3689 free($2);
3690 }
3691 ;
3692 dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG
3693 {
3694 OUTYY(("P(dt_dnstap_sample_rate:%s)\n", $2));
3695 if(atoi($2) == 0 && strcmp($2, "0") != 0)
3696 yyerror("number expected");
3697 else if(atoi($2) < 0)
3698 yyerror("dnstap sample rate too small");
3699 else cfg_parser->cfg->dnstap_sample_rate = atoi($2);
3700 free($2);
3701 }
3702 ;
3703 pythonstart: VAR_PYTHON
3704 {
3705 OUTYY(("\nP(python:)\n"));
3706 cfg_parser->started_toplevel = 1;
3707 }
3708 ;
3709 contents_py: contents_py content_py
3710 | ;
3711 content_py: py_script
3712 ;
3713 py_script: VAR_PYTHON_SCRIPT STRING_ARG
3714 {
3715 OUTYY(("P(python-script:%s)\n", $2));
3716 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
3717 yyerror("out of memory");
3718 }
3719 ;
3720 dynlibstart: VAR_DYNLIB
3721 {
3722 OUTYY(("\nP(dynlib:)\n"));
3723 cfg_parser->started_toplevel = 1;
3724 }
3725 ;
3726 contents_dl: contents_dl content_dl
3727 | ;
3728 content_dl: dl_file
3729 ;
3730 dl_file: VAR_DYNLIB_FILE STRING_ARG
3731 {
3732 OUTYY(("P(dynlib-file:%s)\n", $2));
3733 if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2))
3734 yyerror("out of memory");
3735 }
3736 ;
3737 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
3738 {
3739 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
3740 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3741 yyerror("expected yes or no.");
3742 else cfg_parser->cfg->disable_dnssec_lame_check =
3743 (strcmp($2, "yes")==0);
3744 free($2);
3745 }
3746 ;
3747 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
3748 {
3749 OUTYY(("P(server_log_identity:%s)\n", $2));
3750 free(cfg_parser->cfg->log_identity);
3751 cfg_parser->cfg->log_identity = $2;
3752 }
3753 ;
3754 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
3755 {
3756 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
3757 validate_respip_action($3);
3758 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
3759 $2, $3))
3760 fatal_exit("out of memory adding response-ip");
3761 }
3762 ;
3763 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
3764 {
3765 OUTYY(("P(server_response_ip_data:%s)\n", $2));
3766 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
3767 $2, $3))
3768 fatal_exit("out of memory adding response-ip-data");
3769 }
3770 ;
3771 dnscstart: VAR_DNSCRYPT
3772 {
3773 OUTYY(("\nP(dnscrypt:)\n"));
3774 cfg_parser->started_toplevel = 1;
3775 }
3776 ;
3777 contents_dnsc: contents_dnsc content_dnsc
3778 | ;
3779 content_dnsc:
3780 dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
3781 dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
3782 dnsc_dnscrypt_provider_cert_rotated |
3783 dnsc_dnscrypt_shared_secret_cache_size |
3784 dnsc_dnscrypt_shared_secret_cache_slabs |
3785 dnsc_dnscrypt_nonce_cache_size |
3786 dnsc_dnscrypt_nonce_cache_slabs
3787 ;
3788 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
3789 {
3790 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
3791 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3792 yyerror("expected yes or no.");
3793 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
3794 free($2);
3795 }
3796 ;
3797 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
3798 {
3799 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
3800 if(atoi($2) == 0)
3801 yyerror("port number expected");
3802 else cfg_parser->cfg->dnscrypt_port = atoi($2);
3803 free($2);
3804 }
3805 ;
3806 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
3807 {
3808 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
3809 free(cfg_parser->cfg->dnscrypt_provider);
3810 cfg_parser->cfg->dnscrypt_provider = $2;
3811 }
3812 ;
3813 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
3814 {
3815 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
3816 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
3817 log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
3818 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
3819 fatal_exit("out of memory adding dnscrypt-provider-cert");
3820 }
3821 ;
3822 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
3823 {
3824 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
3825 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
3826 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
3827 }
3828 ;
3829 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
3830 {
3831 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
3832 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
3833 log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
3834 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
3835 fatal_exit("out of memory adding dnscrypt-secret-key");
3836 }
3837 ;
3838 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
3839 {
3840 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
3841 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
3842 yyerror("memory size expected");
3843 free($2);
3844 }
3845 ;
3846 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
3847 {
3848 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
3849 if(atoi($2) == 0) {
3850 yyerror("number expected");
3851 } else {
3852 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
3853 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
3854 yyerror("must be a power of 2");
3855 }
3856 free($2);
3857 }
3858 ;
3859 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
3860 {
3861 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
3862 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
3863 yyerror("memory size expected");
3864 free($2);
3865 }
3866 ;
3867 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
3868 {
3869 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
3870 if(atoi($2) == 0) {
3871 yyerror("number expected");
3872 } else {
3873 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
3874 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
3875 yyerror("must be a power of 2");
3876 }
3877 free($2);
3878 }
3879 ;
3880 cachedbstart: VAR_CACHEDB
3881 {
3882 OUTYY(("\nP(cachedb:)\n"));
3883 cfg_parser->started_toplevel = 1;
3884 }
3885 ;
3886 contents_cachedb: contents_cachedb content_cachedb
3887 | ;
3888 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3889 redis_server_host | redis_replica_server_host |
3890 redis_server_port | redis_replica_server_port |
3891 redis_timeout | redis_replica_timeout |
3892 redis_command_timeout | redis_replica_command_timeout |
3893 redis_connect_timeout | redis_replica_connect_timeout |
3894 redis_server_path | redis_replica_server_path |
3895 redis_server_password | redis_replica_server_password |
3896 redis_logical_db | redis_replica_logical_db |
3897 cachedb_no_store | redis_expire_records |
3898 cachedb_check_when_serve_expired
3899 ;
3900 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3901 {
3902 #ifdef USE_CACHEDB
3903 OUTYY(("P(backend:%s)\n", $2));
3904 free(cfg_parser->cfg->cachedb_backend);
3905 cfg_parser->cfg->cachedb_backend = $2;
3906 #else
3907 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3908 free($2);
3909 #endif
3910 }
3911 ;
3912 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3913 {
3914 #ifdef USE_CACHEDB
3915 OUTYY(("P(secret-seed:%s)\n", $2));
3916 free(cfg_parser->cfg->cachedb_secret);
3917 cfg_parser->cfg->cachedb_secret = $2;
3918 #else
3919 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3920 free($2);
3921 #endif
3922 }
3923 ;
3924 cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG
3925 {
3926 #ifdef USE_CACHEDB
3927 OUTYY(("P(cachedb_no_store:%s)\n", $2));
3928 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3929 yyerror("expected yes or no.");
3930 else cfg_parser->cfg->cachedb_no_store = (strcmp($2, "yes")==0);
3931 #else
3932 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3933 #endif
3934 free($2);
3935 }
3936 ;
3937 cachedb_check_when_serve_expired: VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED STRING_ARG
3938 {
3939 #ifdef USE_CACHEDB
3940 OUTYY(("P(cachedb_check_when_serve_expired:%s)\n", $2));
3941 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
3942 yyerror("expected yes or no.");
3943 else cfg_parser->cfg->cachedb_check_when_serve_expired = (strcmp($2, "yes")==0);
3944 #else
3945 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3946 #endif
3947 free($2);
3948 }
3949 ;
3950 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3951 {
3952 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3953 OUTYY(("P(redis_server_host:%s)\n", $2));
3954 free(cfg_parser->cfg->redis_server_host);
3955 cfg_parser->cfg->redis_server_host = $2;
3956 #else
3957 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3958 free($2);
3959 #endif
3960 }
3961 ;
3962 redis_replica_server_host: VAR_CACHEDB_REDISREPLICAHOST STRING_ARG
3963 {
3964 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3965 OUTYY(("P(redis_replica_server_host:%s)\n", $2));
3966 free(cfg_parser->cfg->redis_replica_server_host);
3967 cfg_parser->cfg->redis_replica_server_host = $2;
3968 #else
3969 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3970 free($2);
3971 #endif
3972 }
3973 ;
3974 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3975 {
3976 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3977 int port;
3978 OUTYY(("P(redis_server_port:%s)\n", $2));
3979 port = atoi($2);
3980 if(port == 0 || port < 0 || port > 65535)
3981 yyerror("valid redis server port number expected");
3982 else cfg_parser->cfg->redis_server_port = port;
3983 #else
3984 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3985 #endif
3986 free($2);
3987 }
3988 ;
3989 redis_replica_server_port: VAR_CACHEDB_REDISREPLICAPORT STRING_ARG
3990 {
3991 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3992 int port;
3993 OUTYY(("P(redis_replica_server_port:%s)\n", $2));
3994 port = atoi($2);
3995 if(port == 0 || port < 0 || port > 65535)
3996 yyerror("valid redis server port number expected");
3997 else cfg_parser->cfg->redis_replica_server_port = port;
3998 #else
3999 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4000 #endif
4001 free($2);
4002 }
4003 ;
4004 redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
4005 {
4006 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4007 OUTYY(("P(redis_server_path:%s)\n", $2));
4008 free(cfg_parser->cfg->redis_server_path);
4009 cfg_parser->cfg->redis_server_path = $2;
4010 #else
4011 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4012 free($2);
4013 #endif
4014 }
4015 ;
4016 redis_replica_server_path: VAR_CACHEDB_REDISREPLICAPATH STRING_ARG
4017 {
4018 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4019 OUTYY(("P(redis_replica_server_path:%s)\n", $2));
4020 free(cfg_parser->cfg->redis_replica_server_path);
4021 cfg_parser->cfg->redis_replica_server_path = $2;
4022 #else
4023 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4024 free($2);
4025 #endif
4026 }
4027 ;
4028 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
4029 {
4030 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4031 OUTYY(("P(redis_server_password:%s)\n", $2));
4032 free(cfg_parser->cfg->redis_server_password);
4033 cfg_parser->cfg->redis_server_password = $2;
4034 #else
4035 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4036 free($2);
4037 #endif
4038 }
4039 ;
4040 redis_replica_server_password: VAR_CACHEDB_REDISREPLICAPASSWORD STRING_ARG
4041 {
4042 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4043 OUTYY(("P(redis_replica_server_password:%s)\n", $2));
4044 free(cfg_parser->cfg->redis_replica_server_password);
4045 cfg_parser->cfg->redis_replica_server_password = $2;
4046 #else
4047 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4048 free($2);
4049 #endif
4050 }
4051 ;
4052 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
4053 {
4054 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4055 OUTYY(("P(redis_timeout:%s)\n", $2));
4056 if(atoi($2) == 0)
4057 yyerror("redis timeout value expected");
4058 else cfg_parser->cfg->redis_timeout = atoi($2);
4059 #else
4060 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4061 #endif
4062 free($2);
4063 }
4064 ;
4065 redis_replica_timeout: VAR_CACHEDB_REDISREPLICATIMEOUT STRING_ARG
4066 {
4067 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4068 OUTYY(("P(redis_replica_timeout:%s)\n", $2));
4069 if(atoi($2) == 0)
4070 yyerror("redis timeout value expected");
4071 else cfg_parser->cfg->redis_replica_timeout = atoi($2);
4072 #else
4073 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4074 #endif
4075 free($2);
4076 }
4077 ;
4078 redis_command_timeout: VAR_CACHEDB_REDISCOMMANDTIMEOUT STRING_ARG
4079 {
4080 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4081 OUTYY(("P(redis_command_timeout:%s)\n", $2));
4082 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4083 yyerror("redis command timeout value expected");
4084 else cfg_parser->cfg->redis_command_timeout = atoi($2);
4085 #else
4086 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4087 #endif
4088 free($2);
4089 }
4090 ;
4091 redis_replica_command_timeout: VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT STRING_ARG
4092 {
4093 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4094 OUTYY(("P(redis_replica_command_timeout:%s)\n", $2));
4095 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4096 yyerror("redis command timeout value expected");
4097 else cfg_parser->cfg->redis_replica_command_timeout = atoi($2);
4098 #else
4099 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4100 #endif
4101 free($2);
4102 }
4103 ;
4104 redis_connect_timeout: VAR_CACHEDB_REDISCONNECTTIMEOUT STRING_ARG
4105 {
4106 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4107 OUTYY(("P(redis_connect_timeout:%s)\n", $2));
4108 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4109 yyerror("redis connect timeout value expected");
4110 else cfg_parser->cfg->redis_connect_timeout = atoi($2);
4111 #else
4112 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4113 #endif
4114 free($2);
4115 }
4116 ;
4117 redis_replica_connect_timeout: VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT STRING_ARG
4118 {
4119 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4120 OUTYY(("P(redis_replica_connect_timeout:%s)\n", $2));
4121 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4122 yyerror("redis connect timeout value expected");
4123 else cfg_parser->cfg->redis_replica_connect_timeout = atoi($2);
4124 #else
4125 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4126 #endif
4127 free($2);
4128 }
4129 ;
4130 redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG
4131 {
4132 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4133 OUTYY(("P(redis_expire_records:%s)\n", $2));
4134 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
4135 yyerror("expected yes or no.");
4136 else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0);
4137 #else
4138 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4139 #endif
4140 free($2);
4141 }
4142 ;
4143 redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG
4144 {
4145 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4146 int db;
4147 OUTYY(("P(redis_logical_db:%s)\n", $2));
4148 db = atoi($2);
4149 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
4150 yyerror("valid redis logical database index expected");
4151 else cfg_parser->cfg->redis_logical_db = db;
4152 #else
4153 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4154 #endif
4155 free($2);
4156 }
4157 ;
4158 redis_replica_logical_db: VAR_CACHEDB_REDISREPLICALOGICALDB STRING_ARG
4159 {
4160 #if defined(USE_CACHEDB) && defined(USE_REDIS)
4161 int db;
4162 OUTYY(("P(redis_replica_logical_db:%s)\n", $2));
4163 db = atoi($2);
4164 if((db == 0 && strcmp($2, "0") != 0) || db < 0)
4165 yyerror("valid redis logical database index expected");
4166 else cfg_parser->cfg->redis_replica_logical_db = db;
4167 #else
4168 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
4169 #endif
4170 free($2);
4171 }
4172 ;
4173 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
4174 {
4175 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
4176 if (atoi($3) < 0)
4177 yyerror("positive number expected");
4178 else {
4179 if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
4180 fatal_exit("out of memory adding tcp connection limit");
4181 }
4182 }
4183 ;
4184 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
4185 {
4186 OUTYY(("P(server_answer_cookie:%s)\n", $2));
4187 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
4188 yyerror("expected yes or no.");
4189 else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0);
4190 free($2);
4191 }
4192 ;
4193 server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG
4194 {
4195 uint8_t secret[32];
4196 size_t secret_len = sizeof(secret);
4197
4198 OUTYY(("P(server_cookie_secret:%s)\n", $2));
4199 if(sldns_str2wire_hex_buf($2, secret, &secret_len)
4200 || (secret_len != 16))
4201 yyerror("expected 128 bit hex string");
4202 else {
4203 cfg_parser->cfg->cookie_secret_len = secret_len;
4204 memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret));
4205 }
4206 free($2);
4207 }
4208 ;
4209 server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG
4210 {
4211 OUTYY(("P(cookie_secret_file:%s)\n", $2));
4212 free(cfg_parser->cfg->cookie_secret_file);
4213 cfg_parser->cfg->cookie_secret_file = $2;
4214 }
4215 ;
4216 server_iter_scrub_ns: VAR_ITER_SCRUB_NS STRING_ARG
4217 {
4218 OUTYY(("P(server_iter_scrub_ns:%s)\n", $2));
4219 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4220 yyerror("number expected");
4221 else cfg_parser->cfg->iter_scrub_ns = atoi($2);
4222 free($2);
4223 }
4224 ;
4225 server_iter_scrub_cname: VAR_ITER_SCRUB_CNAME STRING_ARG
4226 {
4227 OUTYY(("P(server_iter_scrub_cname:%s)\n", $2));
4228 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4229 yyerror("number expected");
4230 else cfg_parser->cfg->iter_scrub_cname = atoi($2);
4231 free($2);
4232 }
4233 ;
4234 server_max_global_quota: VAR_MAX_GLOBAL_QUOTA STRING_ARG
4235 {
4236 OUTYY(("P(server_max_global_quota:%s)\n", $2));
4237 if(atoi($2) == 0 && strcmp($2, "0") != 0)
4238 yyerror("number expected");
4239 else cfg_parser->cfg->max_global_quota = atoi($2);
4240 free($2);
4241 }
4242 ;
4243 ipsetstart: VAR_IPSET
4244 {
4245 OUTYY(("\nP(ipset:)\n"));
4246 cfg_parser->started_toplevel = 1;
4247 }
4248 ;
4249 contents_ipset: contents_ipset content_ipset
4250 | ;
4251 content_ipset: ipset_name_v4 | ipset_name_v6
4252 ;
4253 ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
4254 {
4255 #ifdef USE_IPSET
4256 OUTYY(("P(name-v4:%s)\n", $2));
4257 if(cfg_parser->cfg->ipset_name_v4)
4258 yyerror("ipset name v4 override, there must be one "
4259 "name for ip v4");
4260 free(cfg_parser->cfg->ipset_name_v4);
4261 cfg_parser->cfg->ipset_name_v4 = $2;
4262 #else
4263 OUTYY(("P(Compiled without ipset, ignoring)\n"));
4264 free($2);
4265 #endif
4266 }
4267 ;
4268 ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
4269 {
4270 #ifdef USE_IPSET
4271 OUTYY(("P(name-v6:%s)\n", $2));
4272 if(cfg_parser->cfg->ipset_name_v6)
4273 yyerror("ipset name v6 override, there must be one "
4274 "name for ip v6");
4275 free(cfg_parser->cfg->ipset_name_v6);
4276 cfg_parser->cfg->ipset_name_v6 = $2;
4277 #else
4278 OUTYY(("P(Compiled without ipset, ignoring)\n"));
4279 free($2);
4280 #endif
4281 }
4282 ;
4283 %%
4284
4285 /* parse helper routines could be here */
4286 static void
4287 validate_respip_action(const char* action)
4288 {
4289 if(strcmp(action, "deny")!=0 &&
4290 strcmp(action, "redirect")!=0 &&
4291 strcmp(action, "inform")!=0 &&
4292 strcmp(action, "inform_deny")!=0 &&
4293 strcmp(action, "always_transparent")!=0 &&
4294 strcmp(action, "always_refuse")!=0 &&
4295 strcmp(action, "always_nxdomain")!=0)
4296 {
4297 yyerror("response-ip action: expected deny, redirect, "
4298 "inform, inform_deny, always_transparent, "
4299 "always_refuse or always_nxdomain");
4300 }
4301 }
4302
4303 static void
validate_acl_action(const char * action)4304 validate_acl_action(const char* action)
4305 {
4306 if(strcmp(action, "deny")!=0 &&
4307 strcmp(action, "refuse")!=0 &&
4308 strcmp(action, "deny_non_local")!=0 &&
4309 strcmp(action, "refuse_non_local")!=0 &&
4310 strcmp(action, "allow_setrd")!=0 &&
4311 strcmp(action, "allow")!=0 &&
4312 strcmp(action, "allow_snoop")!=0 &&
4313 strcmp(action, "allow_cookie")!=0)
4314 {
4315 yyerror("expected deny, refuse, deny_non_local, "
4316 "refuse_non_local, allow, allow_setrd, "
4317 "allow_snoop or allow_cookie as access control action");
4318 }
4319 }
4320