diff options
Diffstat (limited to 'usr.sbin/unbound/util/configparser.y')
| -rw-r--r-- | usr.sbin/unbound/util/configparser.y | 138 |
1 files changed, 123 insertions, 15 deletions
diff --git a/usr.sbin/unbound/util/configparser.y b/usr.sbin/unbound/util/configparser.y index 272a9796939..e22d48d4105 100644 --- a/usr.sbin/unbound/util/configparser.y +++ b/usr.sbin/unbound/util/configparser.y @@ -100,17 +100,18 @@ extern struct config_parser_state* cfg_parser; %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -%token VAR_CONTROL_USE_CERT +%token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN -%token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL -%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN -%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH -%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN -%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS -%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM -%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST +%token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL +%token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING +%token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE +%token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT +%token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES +%token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM +%token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY +%token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE @@ -153,6 +154,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR +%token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER @@ -182,6 +184,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID +%token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -223,6 +226,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_harden_short_bufsize | server_harden_large_queries | server_do_not_query_address | server_hide_identity | server_hide_version | server_identity | server_version | + server_hide_http_user_agent | server_http_user_agent | server_harden_glue | server_module_conf | server_trust_anchor_file | server_trust_anchor | server_val_override_date | server_bogus_ttl | server_val_clean_additional | server_val_permissive_mode | @@ -242,8 +246,9 @@ content_server: server_num_threads | server_verbosity | server_port | server_local_data_ptr | server_jostle_timeout | server_unwanted_reply_threshold | server_log_time_ascii | server_domain_insecure | server_val_sig_skew_min | - server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level | - server_auto_trust_anchor_file | server_add_holddown | + server_val_sig_skew_max | server_val_max_restart | + server_cache_min_ttl | server_val_log_level | + server_auto_trust_anchor_file | server_add_holddown | server_del_holddown | server_keep_missing | server_so_rcvbuf | server_edns_buffer_size | server_prefetch | server_prefetch_key | server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | @@ -299,7 +304,10 @@ content_server: server_num_threads | server_verbosity | server_port | server_stream_wait_size | server_tls_ciphers | server_tls_ciphersuites | server_tls_session_ticket_keys | server_tls_use_sni | server_edns_client_string | - server_edns_client_string_opcode | server_nsid + server_edns_client_string_opcode | server_nsid | + server_zonemd_permissive_mode | server_max_reuse_tcp_queries | + server_tcp_reuse_timeout | server_tcp_auth_query_timeout + ; stubstart: VAR_STUB_ZONE { @@ -366,6 +374,8 @@ authstart: VAR_AUTH_ZONE s->for_downstream = 1; s->for_upstream = 1; s->fallback_enabled = 0; + s->zonemd_check = 0; + s->zonemd_reject_absence = 0; s->isrpz = 0; } else yyerror("out of memory"); @@ -375,7 +385,7 @@ contents_auth: contents_auth content_auth | ; content_auth: auth_name | auth_zonefile | auth_master | auth_url | auth_for_downstream | auth_for_upstream | auth_fallback_enabled | - auth_allow_notify + auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence ; rpz_tag: VAR_TAGS STRING_ARG @@ -856,6 +866,39 @@ server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG free($2); } ; +server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG + { + OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) < 1) + cfg_parser->cfg->max_reuse_tcp_queries = 0; + else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2); + free($2); + } + ; +server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG + { + OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) < 1) + cfg_parser->cfg->tcp_reuse_timeout = 0; + else cfg_parser->cfg->tcp_reuse_timeout = atoi($2); + free($2); + } + ; +server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG + { + OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) < 1) + cfg_parser->cfg->tcp_auth_query_timeout = 0; + else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2); + free($2); + } + ; server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG { OUTYY(("P(server_tcp_keepalive:%s)\n", $2)); @@ -1296,6 +1339,15 @@ server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG free($2); } ; +server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG + { + OUTYY(("P(server_hide_user_agent:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0); + free($2); + } + ; server_identity: VAR_IDENTITY STRING_ARG { OUTYY(("P(server_identity:%s)\n", $2)); @@ -1310,6 +1362,13 @@ server_version: VAR_VERSION STRING_ARG cfg_parser->cfg->version = $2; } ; +server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG + { + OUTYY(("P(server_http_user_agent:%s)\n", $2)); + free(cfg_parser->cfg->http_user_agent); + cfg_parser->cfg->http_user_agent = $2; + } + ; server_nsid: VAR_NSID STRING_ARG { OUTYY(("P(server_nsid:%s)\n", $2)); @@ -1814,6 +1873,19 @@ server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG free($2); } ; +server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG + { + OUTYY(("P(server_val_max_restart:%s)\n", $2)); + if(*$2 == '\0' || strcmp($2, "0") == 0) { + cfg_parser->cfg->val_max_restart = 0; + } else { + cfg_parser->cfg->val_max_restart = atoi($2); + if(!cfg_parser->cfg->val_max_restart) + yyerror("number expected"); + } + free($2); + } + ; server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG { OUTYY(("P(server_cache_max_ttl:%s)\n", $2)); @@ -1986,6 +2058,15 @@ server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG cfg_parser->cfg->val_nsec3_key_iterations = $2; } ; +server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG + { + OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0); + free($2); + } + ; server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG { OUTYY(("P(server_add_holddown:%s)\n", $2)); @@ -2741,6 +2822,26 @@ auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG yyerror("out of memory"); } ; +auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG + { + OUTYY(("P(zonemd-check:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_check = + (strcmp($2, "yes")==0); + free($2); + } + ; +auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG + { + OUTYY(("P(zonemd-reject-absence:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_reject_absence = + (strcmp($2, "yes")==0); + free($2); + } + ; auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG { OUTYY(("P(for-downstream:%s)\n", $2)); @@ -2791,13 +2892,20 @@ view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG && strcmp($3, "always_transparent")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "always_nodata")!=0 + && strcmp($3, "always_deny")!=0 + && strcmp($3, "always_null")!=0 && strcmp($3, "noview")!=0 - && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) { + && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0 + && strcmp($3, "inform_redirect") != 0 + && strcmp($3, "ipset") != 0) { yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain, noview or nodefault"); + "inform_redirect, always_transparent, " + "always_refuse, always_nxdomain, " + "always_nodata, always_deny, always_null, " + "noview, nodefault or ipset"); free($2); free($3); } else if(strcmp($3, "nodefault")==0) { |