summaryrefslogtreecommitdiff
path: root/sbin/unwind/libunbound/util/configparser.y
diff options
context:
space:
mode:
Diffstat (limited to 'sbin/unwind/libunbound/util/configparser.y')
-rw-r--r--sbin/unwind/libunbound/util/configparser.y67
1 files changed, 62 insertions, 5 deletions
diff --git a/sbin/unwind/libunbound/util/configparser.y b/sbin/unwind/libunbound/util/configparser.y
index c7b916966e2..10227a2ff7f 100644
--- a/sbin/unwind/libunbound/util/configparser.y
+++ b/sbin/unwind/libunbound/util/configparser.y
@@ -167,6 +167,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
%token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES
%token VAR_TLS_SESSION_TICKET_KEYS
+%token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -174,7 +175,7 @@ toplevelvar: serverstart contents_server | stubstart contents_stub |
forwardstart contents_forward | pythonstart contents_py |
rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
dnscstart contents_dnsc | cachedbstart contents_cachedb |
- authstart contents_auth
+ ipsetstart contents_ipset | authstart contents_auth
;
/* server: declaration */
@@ -1784,13 +1785,14 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
&& strcmp($3, "always_nxdomain")!=0
&& strcmp($3, "noview")!=0
&& strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
- && strcmp($3, "inform_redirect") != 0) {
+ && strcmp($3, "inform_redirect") != 0
+ && strcmp($3, "ipset") != 0) {
yyerror("local-zone type: expected static, deny, "
"refuse, redirect, transparent, "
"typetransparent, inform, inform_deny, "
"inform_redirect, always_transparent, "
"always_refuse, always_nxdomain, noview "
- "or nodefault");
+ ", nodefault or ipset");
free($2);
free($3);
} else if(strcmp($3, "nodefault")==0) {
@@ -1798,6 +1800,13 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
local_zones_nodefault, $2))
fatal_exit("out of memory adding local-zone");
free($3);
+#ifdef USE_IPSET
+ } else if(strcmp($3, "ipset")==0) {
+ if(!cfg_strlist_insert(&cfg_parser->cfg->
+ local_zones_ipset, $2))
+ fatal_exit("out of memory adding local-zone");
+ free($3);
+#endif
} else {
if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
$2, $3))
@@ -2455,6 +2464,13 @@ view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
local_zones_nodefault, $2))
fatal_exit("out of memory adding local-zone");
free($3);
+#ifdef USE_IPSET
+ } else if(strcmp($3, "ipset")==0) {
+ if(!cfg_strlist_insert(&cfg_parser->cfg->views->
+ local_zones_ipset, $2))
+ fatal_exit("out of memory adding local-zone");
+ free($3);
+#endif
} else {
if(!cfg_str2list_insert(
&cfg_parser->cfg->views->local_zones,
@@ -2722,8 +2738,8 @@ content_py: py_script
py_script: VAR_PYTHON_SCRIPT STRING_ARG
{
OUTYY(("P(python-script:%s)\n", $2));
- free(cfg_parser->cfg->python_script);
- cfg_parser->cfg->python_script = $2;
+ if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
+ yyerror("out of memory");
}
server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
{
@@ -2959,6 +2975,45 @@ server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
}
}
;
+ ipsetstart: VAR_IPSET
+ {
+ OUTYY(("\nP(ipset:)\n"));
+ }
+ ;
+ contents_ipset: contents_ipset content_ipset
+ | ;
+ content_ipset: ipset_name_v4 | ipset_name_v6
+ ;
+ ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
+ {
+ #ifdef USE_IPSET
+ OUTYY(("P(name-v4:%s)\n", $2));
+ if(cfg_parser->cfg->ipset_name_v4)
+ yyerror("ipset name v4 override, there must be one "
+ "name for ip v4");
+ free(cfg_parser->cfg->ipset_name_v4);
+ cfg_parser->cfg->ipset_name_v4 = $2;
+ #else
+ OUTYY(("P(Compiled without ipset, ignoring)\n"));
+ free($2);
+ #endif
+ }
+ ;
+ ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
+ {
+ #ifdef USE_IPSET
+ OUTYY(("P(name-v6:%s)\n", $2));
+ if(cfg_parser->cfg->ipset_name_v6)
+ yyerror("ipset name v6 override, there must be one "
+ "name for ip v6");
+ free(cfg_parser->cfg->ipset_name_v6);
+ cfg_parser->cfg->ipset_name_v6 = $2;
+ #else
+ OUTYY(("P(Compiled without ipset, ignoring)\n"));
+ free($2);
+ #endif
+ }
+ ;
%%
/* parse helper routines could be here */
@@ -2978,3 +3033,5 @@ validate_respip_action(const char* action)
"always_refuse or always_nxdomain");
}
}
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 15:08:01 +0000