src - FreeBSD source tree

diff options


context:
space:
mode:

author	Cy Schubert <cy@FreeBSD.org>	2021-08-16 23:55:17 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2021-08-16 23:57:03 +0000
commit	625f1c1312fb7defbd148c8ba121a0cf058707ef (patch)
tree	31510b9372850c8a8dd3e0a8dac37308308d8429 /util/configparser.y
parent	d60fa10fd872db7e3d8cb1e161cfdae026c43b14 (diff)
download	src-625f1c1312fb7defbd148c8ba121a0cf058707ef.tar.gz src-625f1c1312fb7defbd148c8ba121a0cf058707ef.zip

unbound: Vendor import 1.13.2vendor/unbound/1.13.2

Diffstat (limited to 'util/configparser.y')

-rw-r--r--

util/configparser.y

138

1 files changed, 123 insertions, 15 deletions

diff --git a/util/configparser.y b/util/configparser.y
index 272a97969397..e22d48d41055 100644
--- a/util/configparser.y
+++ b/util/configparser.y

@@ -100,17 +100,18 @@ extern struct config_parser_state* cfg_parser;

%token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE

%token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE

%token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE

-%token VAR_CONTROL_USE_CERT

+%token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES

%token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT

%token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII

%token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN

-%token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL

-%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN

-%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH

-%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN

-%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS

-%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM

-%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST

+%token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL

+%token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING

+%token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE

+%token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT

+%token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES

+%token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM

+%token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY

+%token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST

%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE

%token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS

%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE

@@ -153,6 +154,7 @@ extern struct config_parser_state* cfg_parser;

%token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL

%token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA

%token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR

+%token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT

%token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD

%token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL

%token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER

@@ -182,6 +184,7 @@ extern struct config_parser_state* cfg_parser;

%token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME

%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING

%token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID

+%token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE

toplevelvars: /* empty */ | toplevelvars toplevelvar ;

@@ -223,6 +226,7 @@ content_server: server_num_threads | server_verbosity | server_port |

server_harden_short_bufsize | server_harden_large_queries |

server_do_not_query_address | server_hide_identity |

server_hide_version | server_identity | server_version |

+ server_hide_http_user_agent | server_http_user_agent |

server_harden_glue | server_module_conf | server_trust_anchor_file |

server_trust_anchor | server_val_override_date | server_bogus_ttl |

server_val_clean_additional | server_val_permissive_mode |

@@ -242,8 +246,9 @@ content_server: server_num_threads | server_verbosity | server_port |

server_local_data_ptr | server_jostle_timeout |

server_unwanted_reply_threshold | server_log_time_ascii |

server_domain_insecure | server_val_sig_skew_min |

- server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |

- server_auto_trust_anchor_file | server_add_holddown |

+ server_val_sig_skew_max | server_val_max_restart |

+ server_cache_min_ttl | server_val_log_level |

+ server_auto_trust_anchor_file | server_add_holddown |

server_del_holddown | server_keep_missing | server_so_rcvbuf |

server_edns_buffer_size | server_prefetch | server_prefetch_key |

server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |

@@ -299,7 +304,10 @@ content_server: server_num_threads | server_verbosity | server_port |

server_stream_wait_size | server_tls_ciphers |

server_tls_ciphersuites | server_tls_session_ticket_keys |

server_tls_use_sni | server_edns_client_string |

- server_edns_client_string_opcode | server_nsid

+ server_edns_client_string_opcode | server_nsid |

+ server_zonemd_permissive_mode | server_max_reuse_tcp_queries |

+ server_tcp_reuse_timeout | server_tcp_auth_query_timeout

;

stubstart: VAR_STUB_ZONE

{

@@ -366,6 +374,8 @@ authstart: VAR_AUTH_ZONE

s->for_downstream = 1;

s->for_upstream = 1;

s->fallback_enabled = 0;

+ s->zonemd_check = 0;

+ s->zonemd_reject_absence = 0;

s->isrpz = 0;

} else

yyerror("out of memory");

@@ -375,7 +385,7 @@ contents_auth: contents_auth content_auth

| ;

content_auth: auth_name | auth_zonefile | auth_master | auth_url |

auth_for_downstream | auth_for_upstream | auth_fallback_enabled |

- auth_allow_notify

+ auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence

;

rpz_tag: VAR_TAGS STRING_ARG

@@ -856,6 +866,39 @@ server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG

free($2);

}

;

+server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG

+ {

+ OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else if (atoi($2) < 1)

+ cfg_parser->cfg->max_reuse_tcp_queries = 0;

+ else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2);

+ free($2);

+ }

+ ;

+server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG

+ {

+ OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else if (atoi($2) < 1)

+ cfg_parser->cfg->tcp_reuse_timeout = 0;

+ else cfg_parser->cfg->tcp_reuse_timeout = atoi($2);

+ free($2);

+ }

+ ;

+server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG

+ {

+ OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else if (atoi($2) < 1)

+ cfg_parser->cfg->tcp_auth_query_timeout = 0;

+ else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2);

+ free($2);

+ }

+ ;

server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG

{

OUTYY(("P(server_tcp_keepalive:%s)\n", $2));

@@ -1296,6 +1339,15 @@ server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG

free($2);

}

;

+server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG

+ {

+ OUTYY(("P(server_hide_user_agent:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

server_identity: VAR_IDENTITY STRING_ARG

{

OUTYY(("P(server_identity:%s)\n", $2));

@@ -1310,6 +1362,13 @@ server_version: VAR_VERSION STRING_ARG

cfg_parser->cfg->version = $2;

}

;

+server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG

+ {

+ OUTYY(("P(server_http_user_agent:%s)\n", $2));

+ free(cfg_parser->cfg->http_user_agent);

+ cfg_parser->cfg->http_user_agent = $2;

+ }

+ ;

server_nsid: VAR_NSID STRING_ARG

{

OUTYY(("P(server_nsid:%s)\n", $2));

@@ -1814,6 +1873,19 @@ server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG

free($2);

}

;

+server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG

+ {

+ OUTYY(("P(server_val_max_restart:%s)\n", $2));

+ if(*$2 == '\0' || strcmp($2, "0") == 0) {

+ cfg_parser->cfg->val_max_restart = 0;

+ } else {

+ cfg_parser->cfg->val_max_restart = atoi($2);

+ if(!cfg_parser->cfg->val_max_restart)

+ yyerror("number expected");

+ }

+ free($2);

+ }

+ ;

server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG

{

OUTYY(("P(server_cache_max_ttl:%s)\n", $2));

@@ -1986,6 +2058,15 @@ server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG

cfg_parser->cfg->val_nsec3_key_iterations = $2;

}

;

+server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG

+ {

+ OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG

{

OUTYY(("P(server_add_holddown:%s)\n", $2));

@@ -2741,6 +2822,26 @@ auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG

yyerror("out of memory");

}

;

+auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG

+ {

+ OUTYY(("P(zonemd-check:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->auths->zonemd_check =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

+auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG

+ {

+ OUTYY(("P(zonemd-reject-absence:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->auths->zonemd_reject_absence =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG

{

OUTYY(("P(for-downstream:%s)\n", $2));

@@ -2791,13 +2892,20 @@ view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG

&& strcmp($3, "always_transparent")!=0

&& strcmp($3, "always_refuse")!=0

&& strcmp($3, "always_nxdomain")!=0

+ && strcmp($3, "always_nodata")!=0

+ && strcmp($3, "always_deny")!=0

+ && strcmp($3, "always_null")!=0

&& strcmp($3, "noview")!=0

- && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {

+ && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0

+ && strcmp($3, "inform_redirect") != 0

+ && strcmp($3, "ipset") != 0) {

yyerror("local-zone type: expected static, deny, "

"refuse, redirect, transparent, "

"typetransparent, inform, inform_deny, "

- "always_transparent, always_refuse, "

- "always_nxdomain, noview or nodefault");

+ "inform_redirect, always_transparent, "

+ "always_refuse, always_nxdomain, "

+ "always_nodata, always_deny, always_null, "

+ "noview, nodefault or ipset");

free($2);

free($3);

} else if(strcmp($3, "nodefault")==0) {