src - OpenBSD base system

diff options


context:
space:
mode:

author	Stuart Henderson <sthen@cvs.openbsd.org>	2015-11-05 21:29:04 +0000
committer	Stuart Henderson <sthen@cvs.openbsd.org>	2015-11-05 21:29:04 +0000
commit	2c9246e430eb5b8a8623d625325924d48b15b50f (patch)
tree	4ff1e25f5117bae2d186ad3ffe1d2a23c8b8085e /usr.sbin/unbound/util
parent	4c321c9c54f5a79362b54b8a1764f473305e54c6 (diff)

merge

Diffstat (limited to 'usr.sbin/unbound/util')

-rw-r--r--

usr.sbin/unbound/util/config_file.c

-rw-r--r--

usr.sbin/unbound/util/config_file.h

-rw-r--r--

usr.sbin/unbound/util/configlexer.lex

163

-rw-r--r--

usr.sbin/unbound/util/configparser.y

407

-rw-r--r--

usr.sbin/unbound/util/data/msgencode.c

381

-rw-r--r--

usr.sbin/unbound/util/iana_ports.inc

128

-rw-r--r--

usr.sbin/unbound/util/net_help.c

7 files changed, 887 insertions, 231 deletions

diff --git a/usr.sbin/unbound/util/config_file.c b/usr.sbin/unbound/util/config_file.c
index 5d31301fa00..db328f3307b 100644
--- a/usr.sbin/unbound/util/config_file.c
+++ b/usr.sbin/unbound/util/config_file.c

@@ -70,6 +70,8 @@

uid_t cfg_uid = (uid_t)-1;

/** from cfg username, after daemonise setup performed */

gid_t cfg_gid = (gid_t)-1;

+/** for debug allow small timeout values for fast rollovers */

+int autr_permit_small_holddown = 0;

/** global config during parsing */

struct config_parser_state* cfg_parser = 0;

@@ -98,7 +100,7 @@ config_create(void)

cfg->tcp_upstream = 0;

cfg->ssl_service_key = NULL;

cfg->ssl_service_pem = NULL;

- cfg->ssl_port = 443;

+ cfg->ssl_port = 853;

cfg->ssl_upstream = 0;

cfg->use_syslog = 1;

cfg->log_time_ascii = 0;

@@ -172,7 +174,7 @@ config_create(void)

cfg->harden_dnssec_stripped = 1;

cfg->harden_below_nxdomain = 0;

cfg->harden_referral_path = 0;

- cfg->harden_algo_downgrade = 1;

+ cfg->harden_algo_downgrade = 0;

cfg->use_caps_bits_for_id = 0;

cfg->caps_whitelist = NULL;

cfg->private_address = NULL;

@@ -200,6 +202,7 @@ config_create(void)

cfg->add_holddown = 30*24*3600;

cfg->del_holddown = 30*24*3600;

cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */

+ cfg->permit_small_holddown = 0;

cfg->key_cache_size = 4 * 1024 * 1024;

cfg->key_cache_slabs = 4;

cfg->neg_cache_size = 1 * 1024 * 1024;

@@ -444,6 +447,9 @@ int config_set_option(struct config_file* cfg, const char* opt,

else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown)

else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown)

else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing)

+ else if(strcmp(opt, "permit-small-holddown:") == 0)

+ { IS_YES_OR_NO; cfg->permit_small_holddown = (strcmp(val, "yes") == 0);

+ autr_permit_small_holddown = cfg->permit_small_holddown; }

else S_MEMSIZE("key-cache-size:", key_cache_size)

else S_POW2("key-cache-slabs:", key_cache_slabs)

else S_MEMSIZE("neg-cache-size:", neg_cache_size)

@@ -705,6 +711,7 @@ config_get_option(struct config_file* cfg, const char* opt,

else O_UNS(opt, "add-holddown", add_holddown)

else O_UNS(opt, "del-holddown", del_holddown)

else O_UNS(opt, "keep-missing", keep_missing)

+ else O_YNO(opt, "permit-small-holddown", permit_small_holddown)

else O_MEM(opt, "key-cache-size", key_cache_size)

else O_DEC(opt, "key-cache-slabs", key_cache_slabs)

else O_MEM(opt, "neg-cache-size", neg_cache_size)

@@ -1243,6 +1250,7 @@ config_apply(struct config_file* config)

MINIMAL_RESPONSES = config->minimal_responses;

RRSET_ROUNDROBIN = config->rrset_roundrobin;

log_set_time_asc(config->log_time_ascii);

+ autr_permit_small_holddown = config->permit_small_holddown;

}

void config_lookup_uid(struct config_file* cfg)

diff --git a/usr.sbin/unbound/util/config_file.h b/usr.sbin/unbound/util/config_file.h
index 1c3c31dcf13..99b15e06ebc 100644
--- a/usr.sbin/unbound/util/config_file.h
+++ b/usr.sbin/unbound/util/config_file.h

@@ -269,6 +269,8 @@ struct config_file {

unsigned int del_holddown;

/** autotrust keep_missing time, in seconds. 0 is forever. */

unsigned int keep_missing;

+ /** permit small holddown values, allowing 5011 rollover very fast */

+ int permit_small_holddown;

/** size of the key cache */

size_t key_cache_size;

@@ -368,6 +370,8 @@ struct config_file {

extern uid_t cfg_uid;

/** from cfg username, after daemonise setup performed */

extern gid_t cfg_gid;

+/** debug and enable small timeouts */

+extern int autr_permit_small_holddown;

/**

* Stub config options

diff --git a/usr.sbin/unbound/util/configlexer.lex b/usr.sbin/unbound/util/configlexer.lex
index 2661ffdf1ba..ba728622c15 100644
--- a/usr.sbin/unbound/util/configlexer.lex
+++ b/usr.sbin/unbound/util/configlexer.lex

@@ -7,10 +7,12 @@

* See LICENSE for the license.

#include <ctype.h>

#include <string.h>

#include <strings.h>

+#ifdef HAVE_GLOB_H

+# include <glob.h>

+#endif

#include "util/config_file.h"

#include "util/configparser.h"

@@ -36,52 +38,131 @@ void ub_c_error(const char *message);

struct inc_state {

char* filename;

int line;

+ YY_BUFFER_STATE buffer;

+ struct inc_state* next;

};

-static struct inc_state parse_stack[MAXINCLUDES];

-static YY_BUFFER_STATE include_stack[MAXINCLUDES];

-static int config_include_stack_ptr = 0;

+static struct inc_state* config_include_stack = NULL;

+static int inc_depth = 0;

static int inc_prev = 0;

static int num_args = 0;

+void init_cfg_parse(void)

+ config_include_stack = NULL;

+ inc_depth = 0;

+ inc_prev = 0;

+ num_args = 0;

static void config_start_include(const char* filename)

{

FILE *input;

+ struct inc_state* s;

+ char* nm;

+ if(inc_depth++ > 100000) {

+ ub_c_error_msg("too many include files");

+ return;

+ }

if(strlen(filename) == 0) {

ub_c_error_msg("empty include file name");

return;

}

- if(config_include_stack_ptr >= MAXINCLUDES) {

- ub_c_error_msg("includes nested too deeply, skipped (>%d)", MAXINCLUDES);

+ s = (struct inc_state*)malloc(sizeof(*s));

+ if(!s) {

+ ub_c_error_msg("include %s: malloc failure", filename);

return;

}

if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot,

strlen(cfg_parser->chroot)) == 0) {

filename += strlen(cfg_parser->chroot);

}

+ nm = strdup(filename);

+ if(!nm) {

+ ub_c_error_msg("include %s: strdup failure", filename);

+ free(s);

+ return;

+ }

input = fopen(filename, "r");

if(!input) {

ub_c_error_msg("cannot open include file '%s': %s",

filename, strerror(errno));

+ free(s);

+ free(nm);

return;

}

- LEXOUT(("switch_to_include_file(%s) ", filename));

- parse_stack[config_include_stack_ptr].filename = cfg_parser->filename;

- parse_stack[config_include_stack_ptr].line = cfg_parser->line;

- include_stack[config_include_stack_ptr] = YY_CURRENT_BUFFER;

- cfg_parser->filename = strdup(filename);

+ LEXOUT(("switch_to_include_file(%s)\n", filename));

+ s->filename = cfg_parser->filename;

+ s->line = cfg_parser->line;

+ s->buffer = YY_CURRENT_BUFFER;

+ s->next = config_include_stack;

+ config_include_stack = s;

+ cfg_parser->filename = nm;

cfg_parser->line = 1;

yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE));

- ++config_include_stack_ptr;

+static void config_start_include_glob(const char* filename)

+ /* check for wildcards */

+#ifdef HAVE_GLOB

+ glob_t g;

+ size_t i;

+ int r, flags;

+ if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') &&

+ !strchr(filename, '{') && !strchr(filename, '~'))) {

+ flags = 0

+#ifdef GLOB_ERR

+ | GLOB_ERR

+#endif

+#ifdef GLOB_NOSORT

+ | GLOB_NOSORT

+#endif

+#ifdef GLOB_BRACE

+ | GLOB_BRACE

+#endif

+#ifdef GLOB_TILDE

+ | GLOB_TILDE

+#endif

+ ;

+ memset(&g, 0, sizeof(g));

+ if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot,

+ strlen(cfg_parser->chroot)) == 0) {

+ filename += strlen(cfg_parser->chroot);

+ }

+ r = glob(filename, flags, NULL, &g);

+ if(r) {

+ /* some error */

+ globfree(&g);

+ if(r == GLOB_NOMATCH)

+ return; /* no matches for pattern */

+ config_start_include(filename); /* let original deal with it */

+ return;

+ }

+ /* process files found, if any */

+ for(i=0; i<(size_t)g.gl_pathc; i++) {

+ config_start_include(g.gl_pathv[i]);

+ }

+ globfree(&g);

+ return;

+ }

+#endif /* HAVE_GLOB */

+ config_start_include(filename);

}

static void config_end_include(void)

{

- --config_include_stack_ptr;

+ struct inc_state* s = config_include_stack;

+ --inc_depth;

+ if(!s) return;

free(cfg_parser->filename);

- cfg_parser->filename = parse_stack[config_include_stack_ptr].filename;

- cfg_parser->line = parse_stack[config_include_stack_ptr].line;

+ cfg_parser->filename = s->filename;

+ cfg_parser->line = s->line;

yy_delete_buffer(YY_CURRENT_BUFFER);

- yy_switch_to_buffer(include_stack[config_include_stack_ptr]);

+ yy_switch_to_buffer(s->buffer);

+ config_include_stack = s->next;

+ free(s);

}

#ifndef yy_set_bol /* compat definition, for flex 2.4.6 */

@@ -143,10 +224,13 @@ ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) }

ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) }

do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }

interface{COLON} { YDVAR(1, VAR_INTERFACE) }

+ip-address{COLON} { YDVAR(1, VAR_INTERFACE) }

outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) }

interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) }

so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) }

so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) }

+so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) }

+ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) }

chroot{COLON} { YDVAR(1, VAR_CHROOT) }

username{COLON} { YDVAR(1, VAR_USERNAME) }

directory{COLON} { YDVAR(1, VAR_DIRECTORY) }

@@ -160,14 +244,17 @@ msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) }

rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) }

rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) }

cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) }

+cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) }

cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) }

infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) }

infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) }

infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }

infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }

infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }

+infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }

num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }

jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }

+delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }

target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) }

harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }

harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }

@@ -175,7 +262,9 @@ harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) }

harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) }

harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) }

harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) }

+harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) }

use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) }

+caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) }

unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }

private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) }

private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) }

@@ -186,9 +275,11 @@ name{COLON} { YDVAR(1, VAR_NAME) }

stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) }

stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) }

stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) }

+stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) }

forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) }

forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) }

forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) }

+forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) }

do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) }

do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) }

access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) }

@@ -219,12 +310,14 @@ val-nsec3-keysize-iterations{COLON} {

add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) }

del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) }

keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) }

+permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) }

use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) }

log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) }

log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) }

local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) }

local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) }

local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) }

+unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) }

statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }

statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }

extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }

@@ -232,6 +325,7 @@ remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }

control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) }

control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) }

control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) }

+control-use-cert{COLON} { YDVAR(1, VAR_CONTROL_USE_CERT) }

server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) }

server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) }

control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) }

@@ -239,6 +333,36 @@ control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) }

python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) }

python{COLON} { YDVAR(0, VAR_PYTHON) }

domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) }

+minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) }

+rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) }

+max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) }

+dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) }

+dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) }

+dnstap{COLON} { YDVAR(0, VAR_DNSTAP) }

+dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) }

+dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) }

+dnstap-send-identity{COLON} { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) }

+dnstap-send-version{COLON} { YDVAR(1, VAR_DNSTAP_SEND_VERSION) }

+dnstap-identity{COLON} { YDVAR(1, VAR_DNSTAP_IDENTITY) }

+dnstap-version{COLON} { YDVAR(1, VAR_DNSTAP_VERSION) }

+dnstap-log-resolver-query-messages{COLON} {

+ YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) }

+dnstap-log-resolver-response-messages{COLON} {

+ YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) }

+dnstap-log-client-query-messages{COLON} {

+ YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) }

+dnstap-log-client-response-messages{COLON} {

+ YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) }

+dnstap-log-forwarder-query-messages{COLON} {

+ YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }

+dnstap-log-forwarder-response-messages{COLON} {

+ YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }

+ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }

+ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) }

+ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) }

+ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) }

+ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) }

+ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }

<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }

/* Quoted strings. Strip leading and ending quotes */

@@ -295,7 +419,7 @@ domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) }

<include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); }

<include>{UNQUOTEDLETTER}* {

LEXOUT(("Iunquotedstr(%s) ", yytext));

- config_start_include(yytext);

+ config_start_include_glob(yytext);

BEGIN(inc_prev);

}

<include_quoted><<EOF>> {

@@ -308,12 +432,13 @@ domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) }

<include_quoted>\" {

LEXOUT(("IQE "));

yytext[yyleng - 1] = '\0';

- config_start_include(yytext);

+ config_start_include_glob(yytext);

BEGIN(inc_prev);

}

<INITIAL,val><<EOF>> {

+ LEXOUT(("LEXEOF "));

yy_set_bol(1); /* Set beginning of line, so "^" rules match. */

- if (config_include_stack_ptr == 0) {

+ if (!config_include_stack) {

yyterminate();

} else {

fclose(yyin);

diff --git a/usr.sbin/unbound/util/configparser.y b/usr.sbin/unbound/util/configparser.y
index 09f77c5782f..d6db3c86f7d 100644
--- a/usr.sbin/unbound/util/configparser.y
+++ b/usr.sbin/unbound/util/configparser.y

@@ -23,16 +23,16 @@

* specific prior written permission.

* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED

- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE

- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

- * POSSIBILITY OF SUCH DAMAGE.

+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED

+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

@@ -95,21 +95,39 @@ extern struct config_parser_state* cfg_parser;

%token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE

%token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE

%token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE

+%token VAR_CONTROL_USE_CERT

%token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT

%token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII

%token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN

%token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL

%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN

%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH

-%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_HARDEN_BELOW_NXDOMAIN

+%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN

%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM

-%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT

+%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST

+%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN

+%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UNBLOCK_LAN_ZONES

+%token VAR_INFRA_CACHE_MIN_RTT

+%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL

+%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH

+%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION

+%token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION

+%token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES

+%token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES

+%token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES

+%token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES

+%token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES

+%token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES

+%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT

+%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE

+%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR

+%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN

toplevelvars: /* empty */ | toplevelvars toplevelvar ;

toplevelvar: serverstart contents_server | stubstart contents_stub |

forwardstart contents_forward | pythonstart contents_py |

- rcstart contents_rc

+ rcstart contents_rc | dtstart contents_dt

;

/* server: declaration */

@@ -159,7 +177,16 @@ content_server: server_num_threads | server_verbosity | server_port |

server_edns_buffer_size | server_prefetch | server_prefetch_key |

server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |

server_log_queries | server_tcp_upstream | server_ssl_upstream |

- server_ssl_service_key | server_ssl_service_pem | server_ssl_port

+ server_ssl_service_key | server_ssl_service_pem | server_ssl_port |

+ server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |

+ server_so_reuseport | server_delay_close | server_unblock_lan_zones |

+ server_dns64_prefix | server_dns64_synthall |

+ server_infra_cache_min_rtt | server_harden_algo_downgrade |

+ server_ip_transparent | server_ratelimit | server_ratelimit_slabs |

+ server_ratelimit_size | server_ratelimit_for_domain |

+ server_ratelimit_below_domain | server_ratelimit_factor |

+ server_caps_whitelist | server_cache_max_negative_ttl |

+ server_permit_small_holddown

;

stubstart: VAR_STUB_ZONE

{

@@ -175,7 +202,7 @@ stubstart: VAR_STUB_ZONE

;

contents_stub: contents_stub content_stub

| ;

-content_stub: stub_name | stub_host | stub_addr | stub_prime

+content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first

;

forwardstart: VAR_FORWARD_ZONE

{

@@ -191,7 +218,7 @@ forwardstart: VAR_FORWARD_ZONE

;

contents_forward: contents_forward content_forward

| ;

-content_forward: forward_name | forward_host | forward_addr

+content_forward: forward_name | forward_host | forward_addr | forward_first

;

server_num_threads: VAR_NUM_THREADS STRING_ARG

{

@@ -592,6 +619,26 @@ server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG

free($2);

}

;

+server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG

+ {

+ OUTYY(("P(server_so_reuseport:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->so_reuseport =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

+server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG

+ {

+ OUTYY(("P(server_ip_transparent:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->ip_transparent =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG

{

OUTYY(("P(server_edns_buffer_size:%s)\n", $2));

@@ -655,6 +702,25 @@ server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG

free($2);

}

;

+server_delay_close: VAR_DELAY_CLOSE STRING_ARG

+ {

+ OUTYY(("P(server_delay_close:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else cfg_parser->cfg->delay_close = atoi($2);

+ free($2);

+ }

+ ;

+server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG

+ {

+ OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->unblock_lan_zones =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG

{

OUTYY(("P(server_rrset_cache_size:%s)\n", $2));

@@ -723,6 +789,15 @@ server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG

free($2);

}

;

+server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG

+ {

+ OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);

+ free($2);

+ }

+ ;

server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG

{

OUTYY(("P(server_target_fetch_policy:%s)\n", $2));

@@ -790,6 +865,16 @@ server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG

free($2);

}

;

+server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG

+ {

+ OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->harden_algo_downgrade =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG

{

OUTYY(("P(server_use_caps_for_id:%s)\n", $2));

@@ -800,6 +885,13 @@ server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG

free($2);

}

;

+server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG

+ {

+ OUTYY(("P(server_caps_whitelist:%s)\n", $2));

+ if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))

+ yyerror("out of memory");

+ }

+ ;

server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG

{

OUTYY(("P(server_private_address:%s)\n", $2));

@@ -862,9 +954,12 @@ server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG

{

OUTYY(("P(server_access_control:%s %s)\n", $2, $3));

if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&

+ strcmp($3, "deny_non_local")!=0 &&

+ strcmp($3, "refuse_non_local")!=0 &&

strcmp($3, "allow")!=0 &&

strcmp($3, "allow_snoop")!=0) {

- yyerror("expected deny, refuse, allow or allow_snoop "

+ yyerror("expected deny, refuse, deny_non_local, "

+ "refuse_non_local, allow or allow_snoop "

"in access control action");

} else {

if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))

@@ -932,6 +1027,15 @@ server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG

free($2);

}

;

+server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG

+ {

+ OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else cfg_parser->cfg->max_negative_ttl = atoi($2);

+ free($2);

+ }

+ ;

server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG

{

OUTYY(("P(server_cache_min_ttl:%s)\n", $2));

@@ -1022,6 +1126,15 @@ server_keep_missing: VAR_KEEP_MISSING STRING_ARG

free($2);

}

;

+server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG

+ {

+ OUTYY(("P(server_permit_small_holddown:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->permit_small_holddown =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG

{

OUTYY(("P(server_key_cache_size:%s)\n", $2));

@@ -1057,10 +1170,12 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG

if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&

strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&

strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0

- && strcmp($3, "typetransparent")!=0)

+ && strcmp($3, "typetransparent")!=0 &&

+ strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)

yyerror("local-zone type: expected static, deny, "

"refuse, redirect, transparent, "

- "typetransparent or nodefault");

+ "typetransparent, inform, inform_deny "

+ "or nodefault");

else if(strcmp($3, "nodefault")==0) {

if(!cfg_strlist_insert(&cfg_parser->cfg->

local_zones_nodefault, $2))

@@ -1095,6 +1210,114 @@ server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG

}

;

+server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG

+ {

+ OUTYY(("P(server_minimal_responses:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->minimal_responses =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

+server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG

+ {

+ OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->rrset_roundrobin =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

+server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG

+ {

+ OUTYY(("P(server_max_udp_size:%s)\n", $2));

+ cfg_parser->cfg->max_udp_size = atoi($2);

+ free($2);

+ }

+ ;

+server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG

+ {

+ OUTYY(("P(dns64_prefix:%s)\n", $2));

+ free(cfg_parser->cfg->dns64_prefix);

+ cfg_parser->cfg->dns64_prefix = $2;

+ }

+ ;

+server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG

+ {

+ OUTYY(("P(server_dns64_synthall:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

+server_ratelimit: VAR_RATELIMIT STRING_ARG

+ {

+ OUTYY(("P(server_ratelimit:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else cfg_parser->cfg->ratelimit = atoi($2);

+ free($2);

+ }

+ ;

+server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG

+ {

+ OUTYY(("P(server_ratelimit_size:%s)\n", $2));

+ if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))

+ yyerror("memory size expected");

+ free($2);

+ }

+ ;

+server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG

+ {

+ OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));

+ if(atoi($2) == 0)

+ yyerror("number expected");

+ else {

+ cfg_parser->cfg->ratelimit_slabs = atoi($2);

+ if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))

+ yyerror("must be a power of 2");

+ }

+ free($2);

+ }

+ ;

+server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG

+ {

+ OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));

+ if(atoi($3) == 0 && strcmp($3, "0") != 0) {

+ yyerror("number expected");

+ } else {

+ if(!cfg_str2list_insert(&cfg_parser->cfg->

+ ratelimit_for_domain, $2, $3))

+ fatal_exit("out of memory adding "

+ "ratelimit-for-domain");

+ }

+ ;

+server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG

+ {

+ OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));

+ if(atoi($3) == 0 && strcmp($3, "0") != 0) {

+ yyerror("number expected");

+ } else {

+ if(!cfg_str2list_insert(&cfg_parser->cfg->

+ ratelimit_below_domain, $2, $3))

+ fatal_exit("out of memory adding "

+ "ratelimit-below-domain");

+ }

+ ;

+server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG

+ {

+ OUTYY(("P(server_ratelimit_factor:%s)\n", $2));

+ if(atoi($2) == 0 && strcmp($2, "0") != 0)

+ yyerror("number expected");

+ else cfg_parser->cfg->ratelimit_factor = atoi($2);

+ free($2);

+ }

+ ;

stub_name: VAR_NAME STRING_ARG

{

OUTYY(("P(name:%s)\n", $2));

@@ -1119,6 +1342,15 @@ stub_addr: VAR_STUB_ADDR STRING_ARG

yyerror("out of memory");

}

;

+stub_first: VAR_STUB_FIRST STRING_ARG

+ {

+ OUTYY(("P(stub-first:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

stub_prime: VAR_STUB_PRIME STRING_ARG

{

OUTYY(("P(stub-prime:%s)\n", $2));

@@ -1153,6 +1385,15 @@ forward_addr: VAR_FORWARD_ADDR STRING_ARG

yyerror("out of memory");

}

;

+forward_first: VAR_FORWARD_FIRST STRING_ARG

+ {

+ OUTYY(("P(forward-first:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

rcstart: VAR_REMOTE_CONTROL

{

OUTYY(("\nP(remote-control:)\n"));

@@ -1162,7 +1403,7 @@ contents_rc: contents_rc content_rc

| ;

content_rc: rc_control_enable | rc_control_interface | rc_control_port |

rc_server_key_file | rc_server_cert_file | rc_control_key_file |

- rc_control_cert_file

+ rc_control_cert_file | rc_control_use_cert

;

rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG

{

@@ -1190,6 +1431,16 @@ rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG

yyerror("out of memory");

}

;

+rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG

+ {

+ OUTYY(("P(control_use_cert:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->remote_control_use_cert =

+ (strcmp($2, "yes")==0);

+ free($2);

+ }

+ ;

rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG

{

OUTYY(("P(rc_server_key_file:%s)\n", $2));

@@ -1218,6 +1469,122 @@ rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG

cfg_parser->cfg->control_cert_file = $2;

}

;

+dtstart: VAR_DNSTAP

+ {

+ OUTYY(("\nP(dnstap:)\n"));

+ }

+ ;

+contents_dt: contents_dt content_dt

+ | ;

+content_dt: dt_dnstap_enable | dt_dnstap_socket_path |

+ dt_dnstap_send_identity | dt_dnstap_send_version |

+ dt_dnstap_identity | dt_dnstap_version |

+ dt_dnstap_log_resolver_query_messages |

+ dt_dnstap_log_resolver_response_messages |

+ dt_dnstap_log_client_query_messages |

+ dt_dnstap_log_client_response_messages |

+ dt_dnstap_log_forwarder_query_messages |

+ dt_dnstap_log_forwarder_response_messages

+ ;

+dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_enable:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));

+ free(cfg_parser->cfg->dnstap_socket_path);

+ cfg_parser->cfg->dnstap_socket_path = $2;

+ }

+ ;

+dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_identity:%s)\n", $2));

+ free(cfg_parser->cfg->dnstap_identity);

+ cfg_parser->cfg->dnstap_identity = $2;

+ }

+ ;

+dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_version:%s)\n", $2));

+ free(cfg_parser->cfg->dnstap_version);

+ cfg_parser->cfg->dnstap_version = $2;

+ }

+ ;

+dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_log_resolver_query_messages =

+ (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_log_resolver_response_messages =

+ (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_log_client_query_messages =

+ (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_log_client_response_messages =

+ (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_log_forwarder_query_messages =

+ (strcmp($2, "yes")==0);

+ }

+ ;

+dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG

+ {

+ OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));

+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)

+ yyerror("expected yes or no.");

+ else cfg_parser->cfg->dnstap_log_forwarder_response_messages =

+ (strcmp($2, "yes")==0);

+ }

+ ;

pythonstart: VAR_PYTHON

{

OUTYY(("\nP(python:)\n"));

diff --git a/usr.sbin/unbound/util/data/msgencode.c b/usr.sbin/unbound/util/data/msgencode.c
index a48a0a910b3..43464e9bbe0 100644
--- a/usr.sbin/unbound/util/data/msgencode.c
+++ b/usr.sbin/unbound/util/data/msgencode.c

@@ -21,16 +21,16 @@