1 %{ 2 /* 3 * configlexer.lex - lexical analyzer for unbound config file 4 * 5 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved 6 * 7 * See LICENSE for the license. 8 * 9 */ 10 #include "config.h" 11 12 /* because flex keeps having sign-unsigned compare problems that are unfixed*/ 13 #if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) 14 #pragma GCC diagnostic ignored "-Wsign-compare" 15 #endif 16 17 #include <ctype.h> 18 #include <strings.h> 19 #ifdef HAVE_GLOB_H 20 # include <glob.h> 21 #endif 22 23 #include "util/config_file.h" 24 #include "configparser.h" 25 void ub_c_error(const char *message); 26 27 #if 0 28 #define LEXOUT(s) printf s /* used ONLY when debugging */ 29 #else 30 #define LEXOUT(s) 31 #endif 32 33 /** avoid warning in about fwrite return value */ 34 #define ECHO ub_c_error_msg("syntax error at text: %s", ub_c_text) 35 36 /** A parser variable, this is a statement in the config file which is 37 * of the form variable: value1 value2 ... nargs is the number of values. */ 38 #define YDVAR(nargs, var) \ 39 num_args=(nargs); \ 40 LEXOUT(("v(%s%d) ", ub_c_text, num_args)); \ 41 if(num_args > 0) { BEGIN(val); } \ 42 return (var); 43 44 struct inc_state { 45 char* filename; 46 int line; 47 YY_BUFFER_STATE buffer; 48 struct inc_state* next; 49 }; 50 static struct inc_state* config_include_stack = NULL; 51 static int inc_depth = 0; 52 static int inc_prev = 0; 53 static int num_args = 0; 54 55 void init_cfg_parse(void) 56 { 57 config_include_stack = NULL; 58 inc_depth = 0; 59 inc_prev = 0; 60 num_args = 0; 61 } 62 63 static void config_start_include(const char* filename) 64 { 65 FILE *input; 66 struct inc_state* s; 67 char* nm; 68 if(inc_depth++ > 100000) { 69 ub_c_error_msg("too many include files"); 70 return; 71 } 72 if(*filename == '\0') { 73 ub_c_error_msg("empty include file name"); 74 return; 75 } 76 s = (struct inc_state*)malloc(sizeof(*s)); 77 if(!s) { 78 ub_c_error_msg("include %s: malloc failure", filename); 79 return; 80 } 81 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, 82 strlen(cfg_parser->chroot)) == 0) { 83 filename += strlen(cfg_parser->chroot); 84 } 85 nm = strdup(filename); 86 if(!nm) { 87 ub_c_error_msg("include %s: strdup failure", filename); 88 free(s); 89 return; 90 } 91 input = fopen(filename, "r"); 92 if(!input) { 93 ub_c_error_msg("cannot open include file '%s': %s", 94 filename, strerror(errno)); 95 free(s); 96 free(nm); 97 return; 98 } 99 LEXOUT(("switch_to_include_file(%s)\n", filename)); 100 s->filename = cfg_parser->filename; 101 s->line = cfg_parser->line; 102 s->buffer = YY_CURRENT_BUFFER; 103 s->next = config_include_stack; 104 config_include_stack = s; 105 cfg_parser->filename = nm; 106 cfg_parser->line = 1; 107 yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); 108 } 109 110 static void config_start_include_glob(const char* filename) 111 { 112 113 /* check for wildcards */ 114 #ifdef HAVE_GLOB 115 glob_t g; 116 size_t i; 117 int r, flags; 118 if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && 119 !strchr(filename, '{') && !strchr(filename, '~'))) { 120 flags = 0 121 #ifdef GLOB_ERR 122 | GLOB_ERR 123 #endif 124 #ifdef GLOB_NOSORT 125 | GLOB_NOSORT 126 #endif 127 #ifdef GLOB_BRACE 128 | GLOB_BRACE 129 #endif 130 #ifdef GLOB_TILDE 131 | GLOB_TILDE 132 #endif 133 ; 134 memset(&g, 0, sizeof(g)); 135 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, 136 strlen(cfg_parser->chroot)) == 0) { 137 filename += strlen(cfg_parser->chroot); 138 } 139 r = glob(filename, flags, NULL, &g); 140 if(r) { 141 /* some error */ 142 globfree(&g); 143 if(r == GLOB_NOMATCH) 144 return; /* no matches for pattern */ 145 config_start_include(filename); /* let original deal with it */ 146 return; 147 } 148 /* process files found, if any */ 149 for(i=0; i<(size_t)g.gl_pathc; i++) { 150 config_start_include(g.gl_pathv[i]); 151 } 152 globfree(&g); 153 return; 154 } 155 #endif /* HAVE_GLOB */ 156 157 config_start_include(filename); 158 } 159 160 static void config_end_include(void) 161 { 162 struct inc_state* s = config_include_stack; 163 --inc_depth; 164 if(!s) return; 165 free(cfg_parser->filename); 166 cfg_parser->filename = s->filename; 167 cfg_parser->line = s->line; 168 yy_delete_buffer(YY_CURRENT_BUFFER); 169 yy_switch_to_buffer(s->buffer); 170 config_include_stack = s->next; 171 free(s); 172 } 173 174 #ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ 175 #define yy_set_bol(at_bol) \ 176 { \ 177 if ( ! yy_current_buffer ) \ 178 yy_current_buffer = yy_create_buffer( ub_c_in, YY_BUF_SIZE ); \ 179 yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ 180 } 181 #endif 182 183 %} 184 %option noinput 185 %option nounput 186 %{ 187 #ifndef YY_NO_UNPUT 188 #define YY_NO_UNPUT 1 189 #endif 190 #ifndef YY_NO_INPUT 191 #define YY_NO_INPUT 1 192 #endif 193 %} 194 195 SPACE [ \t] 196 LETTER [a-zA-Z] 197 UNQUOTEDLETTER [^\'\"\n\r \t\\]|\\. 198 UNQUOTEDLETTER_NOCOLON [^\:\'\"\n\r \t\\]|\\. 199 NEWLINE [\r\n] 200 COMMENT \# 201 COLON \: 202 DQANY [^\"\n\r\\]|\\. 203 SQANY [^\'\n\r\\]|\\. 204 205 %x quotedstring singlequotedstr include include_quoted val 206 207 %% 208 <INITIAL,val>{SPACE}* { 209 LEXOUT(("SP ")); /* ignore */ } 210 <INITIAL,val>{SPACE}*{COMMENT}.* { 211 /* note that flex makes the longest match and '.' is any but not nl */ 212 LEXOUT(("comment(%s) ", ub_c_text)); /* ignore */ } 213 server{COLON} { YDVAR(0, VAR_SERVER) } 214 qname-minimisation{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION) } 215 qname-minimisation-strict{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } 216 num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) } 217 verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) } 218 port{COLON} { YDVAR(1, VAR_PORT) } 219 outgoing-range{COLON} { YDVAR(1, VAR_OUTGOING_RANGE) } 220 outgoing-port-permit{COLON} { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } 221 outgoing-port-avoid{COLON} { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } 222 outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } 223 incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } 224 do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } 225 do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } 226 prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } 227 do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } 228 do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) } 229 tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } 230 tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) } 231 outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) } 232 ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } 233 tls-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } 234 ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } 235 tls-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } 236 ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } 237 tls-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } 238 ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) } 239 tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) } 240 ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } 241 tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } 242 additional-ssl-port{COLON} { YDVAR(1, VAR_ADDITIONAL_TLS_PORT) } 243 additional-tls-port{COLON} { YDVAR(1, VAR_ADDITIONAL_TLS_PORT) } 244 use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } 245 do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } 246 interface{COLON} { YDVAR(1, VAR_INTERFACE) } 247 ip-address{COLON} { YDVAR(1, VAR_INTERFACE) } 248 outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) } 249 interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } 250 so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) } 251 so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } 252 so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } 253 ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) } 254 ip-freebind{COLON} { YDVAR(1, VAR_IP_FREEBIND) } 255 chroot{COLON} { YDVAR(1, VAR_CHROOT) } 256 username{COLON} { YDVAR(1, VAR_USERNAME) } 257 directory{COLON} { YDVAR(1, VAR_DIRECTORY) } 258 logfile{COLON} { YDVAR(1, VAR_LOGFILE) } 259 pidfile{COLON} { YDVAR(1, VAR_PIDFILE) } 260 root-hints{COLON} { YDVAR(1, VAR_ROOT_HINTS) } 261 edns-buffer-size{COLON} { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } 262 msg-buffer-size{COLON} { YDVAR(1, VAR_MSG_BUFFER_SIZE) } 263 msg-cache-size{COLON} { YDVAR(1, VAR_MSG_CACHE_SIZE) } 264 msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) } 265 rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) } 266 rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) } 267 cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) } 268 cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } 269 cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) } 270 infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) } 271 infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) } 272 infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) } 273 infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } 274 infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } 275 infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } 276 num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } 277 jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) } 278 delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) } 279 target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) } 280 harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } 281 harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } 282 harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) } 283 harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } 284 harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } 285 harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } 286 harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } 287 use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } 288 caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } 289 unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } 290 private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } 291 private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } 292 prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } 293 prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } 294 stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } 295 name{COLON} { YDVAR(1, VAR_NAME) } 296 stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } 297 stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) } 298 stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) } 299 stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) } 300 stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } 301 stub-tls-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } 302 forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) } 303 forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) } 304 forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) } 305 forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) } 306 forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } 307 forward-tls-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } 308 auth-zone{COLON} { YDVAR(0, VAR_AUTH_ZONE) } 309 zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) } 310 master{COLON} { YDVAR(1, VAR_MASTER) } 311 url{COLON} { YDVAR(1, VAR_URL) } 312 allow-notify{COLON} { YDVAR(1, VAR_ALLOW_NOTIFY) } 313 for-downstream{COLON} { YDVAR(1, VAR_FOR_DOWNSTREAM) } 314 for-upstream{COLON} { YDVAR(1, VAR_FOR_UPSTREAM) } 315 fallback-enabled{COLON} { YDVAR(1, VAR_FALLBACK_ENABLED) } 316 view{COLON} { YDVAR(0, VAR_VIEW) } 317 view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) } 318 do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } 319 do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } 320 access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } 321 send-client-subnet{COLON} { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } 322 client-subnet-zone{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } 323 client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } 324 client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } 325 max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } 326 max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } 327 hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } 328 hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } 329 hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } 330 identity{COLON} { YDVAR(1, VAR_IDENTITY) } 331 version{COLON} { YDVAR(1, VAR_VERSION) } 332 module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } 333 dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) } 334 dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) } 335 trust-anchor-file{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } 336 auto-trust-anchor-file{COLON} { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } 337 trusted-keys-file{COLON} { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } 338 trust-anchor{COLON} { YDVAR(1, VAR_TRUST_ANCHOR) } 339 trust-anchor-signaling{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } 340 root-key-sentinel{COLON} { YDVAR(1, VAR_ROOT_KEY_SENTINEL) } 341 val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } 342 val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } 343 val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } 344 val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) } 345 val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } 346 val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } 347 aggressive-nsec{COLON} { YDVAR(1, VAR_AGGRESSIVE_NSEC) } 348 ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } 349 serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) } 350 fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } 351 fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) } 352 val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } 353 key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } 354 key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } 355 neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } 356 val-nsec3-keysize-iterations{COLON} { 357 YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } 358 add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } 359 del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } 360 keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } 361 permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } 362 use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) } 363 log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) } 364 log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } 365 log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } 366 log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) } 367 local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) } 368 local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) } 369 local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) } 370 unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } 371 insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) } 372 statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } 373 statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } 374 extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } 375 shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } 376 shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } 377 remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } 378 control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) } 379 control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) } 380 control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) } 381 control-use-cert{COLON} { YDVAR(1, VAR_CONTROL_USE_CERT) } 382 server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) } 383 server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) } 384 control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) } 385 control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) } 386 python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) } 387 python{COLON} { YDVAR(0, VAR_PYTHON) } 388 domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } 389 minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } 390 rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } 391 max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } 392 dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) } 393 dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) } 394 define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) } 395 local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) } 396 access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } 397 access-control-tag-action{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } 398 access-control-tag-data{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } 399 access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } 400 local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } 401 dnstap{COLON} { YDVAR(0, VAR_DNSTAP) } 402 dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) } 403 dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } 404 dnstap-send-identity{COLON} { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } 405 dnstap-send-version{COLON} { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } 406 dnstap-identity{COLON} { YDVAR(1, VAR_DNSTAP_IDENTITY) } 407 dnstap-version{COLON} { YDVAR(1, VAR_DNSTAP_VERSION) } 408 dnstap-log-resolver-query-messages{COLON} { 409 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } 410 dnstap-log-resolver-response-messages{COLON} { 411 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } 412 dnstap-log-client-query-messages{COLON} { 413 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } 414 dnstap-log-client-response-messages{COLON} { 415 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } 416 dnstap-log-forwarder-query-messages{COLON} { 417 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } 418 dnstap-log-forwarder-response-messages{COLON} { 419 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } 420 disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } 421 ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } 422 ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } 423 ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } 424 ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) } 425 ip-ratelimit-size{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } 426 ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) } 427 ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } 428 ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } 429 ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } 430 ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } 431 low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) } 432 low-rtt-pct{COLON} { YDVAR(1, VAR_LOW_RTT_PCT) } 433 response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } 434 response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } 435 response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } 436 dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } 437 dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } 438 dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } 439 dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } 440 dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } 441 dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } 442 dnscrypt-provider-cert-rotated{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } 443 dnscrypt-shared-secret-cache-size{COLON} { 444 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } 445 dnscrypt-shared-secret-cache-slabs{COLON} { 446 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } 447 dnscrypt-nonce-cache-size{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } 448 dnscrypt-nonce-cache-slabs{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } 449 ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) } 450 ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } 451 ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } 452 ipsecmod-max-ttl{COLON} { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } 453 ipsecmod-whitelist{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } 454 ipsecmod-strict{COLON} { YDVAR(1, VAR_IPSECMOD_STRICT) } 455 cachedb{COLON} { YDVAR(0, VAR_CACHEDB) } 456 backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) } 457 secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) } 458 redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) } 459 redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) } 460 redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } 461 udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } 462 <INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } 463 464 /* Quoted strings. Strip leading and ending quotes */ 465 <val>\" { BEGIN(quotedstring); LEXOUT(("QS ")); } 466 <quotedstring><<EOF>> { 467 ub_c_error("EOF inside quoted string"); 468 if(--num_args == 0) { BEGIN(INITIAL); } 469 else { BEGIN(val); } 470 } 471 <quotedstring>{DQANY}* { LEXOUT(("STR(%s) ", ub_c_text)); yymore(); } 472 <quotedstring>{NEWLINE} { ub_c_error("newline inside quoted string, no end \""); 473 cfg_parser->line++; BEGIN(INITIAL); } 474 <quotedstring>\" { 475 LEXOUT(("QE ")); 476 if(--num_args == 0) { BEGIN(INITIAL); } 477 else { BEGIN(val); } 478 ub_c_text[ub_c_leng - 1] = '\0'; 479 ub_c_lval.str = strdup(ub_c_text); 480 if(!ub_c_lval.str) 481 ub_c_error("out of memory"); 482 return STRING_ARG; 483 } 484 485 /* Single Quoted strings. Strip leading and ending quotes */ 486 <val>\' { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } 487 <singlequotedstr><<EOF>> { 488 ub_c_error("EOF inside quoted string"); 489 if(--num_args == 0) { BEGIN(INITIAL); } 490 else { BEGIN(val); } 491 } 492 <singlequotedstr>{SQANY}* { LEXOUT(("STR(%s) ", ub_c_text)); yymore(); } 493 <singlequotedstr>{NEWLINE} { ub_c_error("newline inside quoted string, no end '"); 494 cfg_parser->line++; BEGIN(INITIAL); } 495 <singlequotedstr>\' { 496 LEXOUT(("SQE ")); 497 if(--num_args == 0) { BEGIN(INITIAL); } 498 else { BEGIN(val); } 499 ub_c_text[ub_c_leng - 1] = '\0'; 500 ub_c_lval.str = strdup(ub_c_text); 501 if(!ub_c_lval.str) 502 ub_c_error("out of memory"); 503 return STRING_ARG; 504 } 505 506 /* include: directive */ 507 <INITIAL,val>include{COLON} { 508 LEXOUT(("v(%s) ", ub_c_text)); inc_prev = YYSTATE; BEGIN(include); } 509 <include><<EOF>> { 510 ub_c_error("EOF inside include directive"); 511 BEGIN(inc_prev); 512 } 513 <include>{SPACE}* { LEXOUT(("ISP ")); /* ignore */ } 514 <include>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;} 515 <include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); } 516 <include>{UNQUOTEDLETTER}* { 517 LEXOUT(("Iunquotedstr(%s) ", ub_c_text)); 518 config_start_include_glob(ub_c_text); 519 BEGIN(inc_prev); 520 } 521 <include_quoted><<EOF>> { 522 ub_c_error("EOF inside quoted string"); 523 BEGIN(inc_prev); 524 } 525 <include_quoted>{DQANY}* { LEXOUT(("ISTR(%s) ", ub_c_text)); yymore(); } 526 <include_quoted>{NEWLINE} { ub_c_error("newline before \" in include name"); 527 cfg_parser->line++; BEGIN(inc_prev); } 528 <include_quoted>\" { 529 LEXOUT(("IQE ")); 530 ub_c_text[ub_c_leng - 1] = '\0'; 531 config_start_include_glob(ub_c_text); 532 BEGIN(inc_prev); 533 } 534 <INITIAL,val><<EOF>> { 535 LEXOUT(("LEXEOF ")); 536 yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ 537 if (!config_include_stack) { 538 yyterminate(); 539 } else { 540 fclose(ub_c_in); 541 config_end_include(); 542 } 543 } 544 545 <val>{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", ub_c_text)); 546 if(--num_args == 0) { BEGIN(INITIAL); } 547 ub_c_lval.str = strdup(ub_c_text); return STRING_ARG; } 548 549 {UNQUOTEDLETTER_NOCOLON}* { 550 ub_c_error_msg("unknown keyword '%s'", ub_c_text); 551 } 552 553 <*>. { 554 ub_c_error_msg("stray '%s'", ub_c_text); 555 } 556 557 %% 558