Diffstat (limited to 'usr.sbin/unbound/util/config_file.c')
-rw-r--r-- | usr.sbin/unbound/util/config_file.c | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/usr.sbin/unbound/util/config_file.c b/usr.sbin/unbound/util/config_file.c
index 5a8139d69c4..6139dfc2610 100644
--- a/usr.sbin/unbound/util/config_file.c
+++ b/usr.sbin/unbound/util/config_file.c
@@ -116,6 +116,7 @@ config_create(void)
 cfg->ssl_upstream = 0;
 cfg->tls_cert_bundle = NULL;
 cfg->tls_win_cert = 0;
+ cfg->tls_use_sni = 1;
 cfg->use_syslog = 1;
 cfg->log_identity = NULL; /* changed later with argv[0] */
 cfg->log_time_ascii = 0;
@@ -186,6 +187,7 @@ config_create(void)
 cfg->so_reuseport = REUSEPORT_DEFAULT;
 cfg->ip_transparent = 0;
 cfg->ip_freebind = 0;
+ cfg->ip_dscp = 0;
 cfg->num_ifs = 0;
 cfg->ifs = NULL;
 cfg->num_out_ifs = 0;
@@ -266,13 +268,14 @@ config_create(void)
 cfg->unblock_lan_zones = 0;
 cfg->insecure_lan_zones = 0;
 cfg->python_script = NULL;
+ cfg->dynlib_file = NULL;
 cfg->remote_control_enable = 0;
 cfg->control_ifs.first = NULL;
 cfg->control_ifs.last = NULL;
 cfg->control_port = UNBOUND_CONTROL_PORT;
 cfg->control_use_cert = 1;
 cfg->minimal_responses = 1;
- cfg->rrset_roundrobin = 0;
+ cfg->rrset_roundrobin = 1;
 cfg->unknown_server_time_limit = 376;
 cfg->max_udp_size = 4096;
 if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key")))
@@ -295,6 +298,8 @@ config_create(void)
 if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH)))
 goto error_exit;
 #endif
+ cfg->dnstap_bidirectional = 1;
+ cfg->dnstap_tls = 1;
 cfg->disable_dnssec_lame_check = 0;
 cfg->ip_ratelimit = 0;
 cfg->ratelimit = 0;
@@ -335,6 +340,7 @@ config_create(void)
 if(!(cfg->redis_server_host = strdup("127.0.0.1"))) goto error_exit;
 cfg->redis_timeout = 100;
 cfg->redis_server_port = 6379;
+ cfg->redis_expire_records = 0;
 #endif /* USE_REDIS */
 #endif /* USE_CACHEDB */
 #ifdef USE_IPSET
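Review bot: In the hunk at -295,6 `cfg->dnstap_tls = 1` switches TLS on by default, but none of the visible hunks gives `dnstap_tls_server_name` or `dnstap_tls_cert_bundle` a default, so this file does not show what the collector is authenticated against when only `dnstap-ip:` is configured. A comment on the two new assignments should state that behaviour, for example `/* TLS on by default; set dnstap-tls-server-name to have the collector's name verified */`, with the wording confirmed against the dnstap code. Both assignments also sit after the `#endif`, outside the guard that covers `dnstap_socket_path`, which is only correct if the struct fields are declared unconditionally. config_create starts and ends outside the hunk.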
@@ -504,6 +510,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 else S_STRLIST_APPEND("tls-session-ticket-keys:", tls_session_ticket_keys)
 else S_STR("tls-ciphers:", tls_ciphers)
 else S_STR("tls-ciphersuites:", tls_ciphersuites)
+ else S_YNO("tls-use-sni:", tls_use_sni)
 else S_YNO("interface-automatic:", if_automatic)
 else S_YNO("use-systemd:", use_systemd)
 else S_YNO("do-daemonize:", do_daemonize)
@@ -523,6 +530,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 else S_YNO("so-reuseport:", so_reuseport)
 else S_YNO("ip-transparent:", ip_transparent)
 else S_YNO("ip-freebind:", ip_freebind)
+ else S_NUMBER_OR_ZERO("ip-dscp:", ip_dscp)
 else S_MEMSIZE("rrset-cache-size:", rrset_cache_size)
 else S_POW2("rrset-cache-slabs:", rrset_cache_slabs)
 else S_YNO("prefetch:", prefetch)
@@ -622,6 +630,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 else S_STR("control-cert-file:", control_cert_file)
 else S_STR("module-config:", module_conf)
 else S_STRLIST("python-script:", python_script)
+ else S_STRLIST("dynlib-file:", dynlib_file)
 else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check)
 #ifdef CLIENT_SUBNET
 /* Can't set max subnet prefix here, since that value is used when
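Review bot: `ip-dscp:` in the hunk at -523,6 is stored through `S_NUMBER_OR_ZERO` with no upper bound visible, although a DSCP code point is a 6-bit value (0–63). The macro is defined outside the hunk and may only check that the string is numeric, in which case an out-of-range value set through config_set_option reaches the socket setup unchecked. I would give this option its own branch that rejects anything outside 0..63 and returns 0, with the comment `/* DSCP is 6 bits: 0..63 */` beside it. config_set_option begins and ends outside the hunk.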
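Review bot: `dynlib-file:` in the hunk at -622,6 needs a comment, because unlike the other strings in this chain it presumably names a shared object that the dynlib module loads into the resolver process, so setting it amounts to choosing code to run. Something like `/* dynlib-file: library loaded into the daemon; must come from a trusted, non-writable path */` above the line would record that. If config_set_option is also reachable at runtime through the control channel, which this hunk does not show, it is worth deciding whether this option and `python-script:` should be settable there at all.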
@@ -631,7 +640,15 @@ int config_set_option(struct config_file* cfg, const char* opt,
 #endif
 #ifdef USE_DNSTAP
 else S_YNO("dnstap-enable:", dnstap)
+ else S_YNO("dnstap-bidirectional:", dnstap_bidirectional)
 else S_STR("dnstap-socket-path:", dnstap_socket_path)
+ else S_STR("dnstap-ip:", dnstap_ip)
+ else S_YNO("dnstap-tls:", dnstap_tls)
+ else S_STR("dnstap-tls-server-name:", dnstap_tls_server_name)
+ else S_STR("dnstap-tls-cert-bundle:", dnstap_tls_cert_bundle)
+ else S_STR("dnstap-tls-client-key-file:", dnstap_tls_client_key_file)
+ else S_STR("dnstap-tls-client-cert-file:",
+ dnstap_tls_client_cert_file)
 else S_YNO("dnstap-send-identity:", dnstap_send_identity)
 else S_YNO("dnstap-send-version:", dnstap_send_version)
 else S_STR("dnstap-identity:", dnstap_identity)
@@ -915,6 +932,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 else O_YNO(opt, "so-reuseport", so_reuseport)
 else O_YNO(opt, "ip-transparent", ip_transparent)
 else O_YNO(opt, "ip-freebind", ip_freebind)
+ else O_DEC(opt, "ip-dscp", ip_dscp)
 else O_MEM(opt, "rrset-cache-size", rrset_cache_size)
 else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs)
 else O_YNO(opt, "prefetch-key", prefetch_key)
@@ -949,6 +967,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys.first)
 else O_STR(opt, "tls-ciphers", tls_ciphers)
 else O_STR(opt, "tls-ciphersuites", tls_ciphersuites)
+ else O_YNO(opt, "tls-use-sni", tls_use_sni)
 else O_YNO(opt, "use-systemd", use_systemd)
 else O_YNO(opt, "do-daemonize", do_daemonize)
 else O_STR(opt, "chroot", chrootdir)
@@ -1038,7 +1057,16 @@ config_get_option(struct config_file* cfg, const char* opt,
 #endif
 #ifdef USE_DNSTAP
 else O_YNO(opt, "dnstap-enable", dnstap)
+ else O_YNO(opt, "dnstap-bidirectional", dnstap_bidirectional)
 else O_STR(opt, "dnstap-socket-path", dnstap_socket_path)
+ else O_STR(opt, "dnstap-ip", dnstap_ip)
+ else O_YNO(opt, "dnstap-tls", dnstap_tls)
+ else O_STR(opt, "dnstap-tls-server-name", dnstap_tls_server_name)
+ else O_STR(opt, "dnstap-tls-cert-bundle", dnstap_tls_cert_bundle)
+ else O_STR(opt, "dnstap-tls-client-key-file",
+ dnstap_tls_client_key_file)
+ else O_STR(opt, "dnstap-tls-client-cert-file",
+ dnstap_tls_client_cert_file)
 else O_YNO(opt, "dnstap-send-identity", dnstap_send_identity)
 else O_YNO(opt, "dnstap-send-version", dnstap_send_version)
 else O_STR(opt, "dnstap-identity", dnstap_identity)
@@ -1076,6 +1104,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones)
 else O_DEC(opt, "max-udp-size", max_udp_size)
 else O_LST(opt, "python-script", python_script)
+ else O_LST(opt, "dynlib-file", dynlib_file)
 else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check)
 else O_DEC(opt, "ip-ratelimit", ip_ratelimit)
 else O_DEC(opt, "ratelimit", ratelimit)
@@ -1116,6 +1145,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 else O_STR(opt, "redis-server-host", redis_server_host)
 else O_DEC(opt, "redis-server-port", redis_server_port)
 else O_DEC(opt, "redis-timeout", redis_timeout)
+ else O_YNO(opt, "redis-expire-records", redis_expire_records)
 #endif /* USE_REDIS */
 #endif /* USE_CACHEDB */
 #ifdef USE_IPSET
@@ -1458,11 +1488,17 @@ config_delete(struct config_file* cfg)
 free(cfg->dns64_prefix);
 config_delstrlist(cfg->dns64_ignore_aaaa);
 free(cfg->dnstap_socket_path);
+ free(cfg->dnstap_ip);
+ free(cfg->dnstap_tls_server_name);
+ free(cfg->dnstap_tls_cert_bundle);
+ free(cfg->dnstap_tls_client_key_file);
+ free(cfg->dnstap_tls_client_cert_file);
 free(cfg->dnstap_identity);
 free(cfg->dnstap_version);
 config_deldblstrlist(cfg->ratelimit_for_domain);
 config_deldblstrlist(cfg->ratelimit_below_domain);
 config_delstrlist(cfg->python_script);
+ config_delstrlist(cfg->dynlib_file);
 #ifdef USE_IPSECMOD
 free(cfg->ipsecmod_hook);
 config_delstrlist(cfg->ipsecmod_whitelist);
@@ -1509,6 +1545,11 @@ int
 cfg_mark_ports(const char* str, int allow, int* avail, int num)
 {
 char* mid = strchr(str, '-');
+#ifdef DISABLE_EXPLICIT_PORT_RANDOMISATION
+ log_warn("Explicit port randomisation disabled, ignoring "
+ "outgoing-port-permit and outgoing-port-avoid configuration "
+ "options");
+#endif
 if(!mid) {
 int port = atoi(str);
 if(port == 0 && strcmp(str, "0") != 0) { |
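Review bot: The new `log_warn` in cfg_mark_ports says the outgoing-port options are ignored, yet after the `#endif` the visible code still falls into the `if(!mid)` parsing path, so nothing in this hunk actually skips them. If skipping is the intent, an early return of the function's success value inside the `#ifdef` would make the message accurate; otherwise add a comment such as `/* marks are still recorded; the port selection code disregards them in this build */`, once that is confirmed. As written, the warning is also emitted on every call, which presumably means once per configured port or range. Since this build option changes how source ports are chosen, the message or a comment should also say what selects them instead. The function body continues outside the hunk.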