- removed base_port.

- created 256-port ephemeral space for the OS, 59802 available.


git-svn-id: file:///svn/unbound/trunk@1030 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/daemon.c

@@ -228,6 +228,7 @@ daemon_create_workers(struct daemon* daemon)
 	if(!shufport)
 		fatal_exit("out of memory during daemon init");
 	numport = daemon_get_shufport(daemon, shufport);
+	verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
 	
 	daemon->num = daemon->cfg->num_threads;
 	daemon->workers = (struct worker**)calloc((size_t)daemon->num, 

daemon/unbound.c

@@ -91,9 +91,7 @@ checkrlimits(struct config_file* cfg)
 			(int)cfg->incoming_num_tcp:0));
 	size_t ifs = (size_t)(cfg->num_ifs==0?1:cfg->num_ifs);
 	size_t listen_num = list*ifs;
-	size_t out_ifs = (size_t)(cfg->num_out_ifs==0?
-		( (cfg->do_ip4?1:0) + (cfg->do_ip6?1:0) ) :cfg->num_out_ifs);
-	size_t outudpnum = cfg->outgoing_num_ports*out_ifs;
+	size_t outudpnum = (size_t)cfg->outgoing_num_ports;
 	size_t outtcpnum = cfg->outgoing_num_tcp;
 	size_t misc = 4; /* logfile, pidfile, stdout... */
 	size_t perthread_noudp = listen_num + outtcpnum + 
@@ -109,8 +107,6 @@ checkrlimits(struct config_file* cfg)
 	size_t avail;
 	struct rlimit rlim;
 
-	verbose(VERB_ALGO, "%d ports available in config",
-		cfg_scan_ports(cfg->outgoing_avail_ports, 65536));
 	if(getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
 		log_warn("getrlimit: %s", strerror(errno));
 		return;
@@ -127,8 +123,7 @@ checkrlimits(struct config_file* cfg)
 				(unsigned)avail, (unsigned)total+10);
 			cfg->outgoing_num_ports = (int)((avail 
 				- numthread*perthread_noudp 
-				- 10 /* safety margin */)
-				/(numthread*out_ifs));
+				- 10 /* safety margin */) /numthread);
 			log_warn("continuing with less udp ports: %u",
 				cfg->outgoing_num_ports);
 			log_warn("increase ulimit or decrease threads, ports in config to remove this warning");

daemon/worker.c

@@ -933,7 +933,6 @@ worker_init(struct worker* worker, struct config_file *cfg,
 	struct listen_port* ports, int do_sigs)
 {
 	unsigned int seed;
-	int startport;
 	worker->need_to_exit = 0;
 	worker->base = comm_base_create();
 	if(!worker->base) {
@@ -979,12 +978,10 @@ worker_init(struct worker* worker, struct config_file *cfg,
 		worker_delete(worker);
 		return 0;
 	}
-	startport  = cfg->outgoing_base_port + 
-		cfg->outgoing_num_ports * worker->thread_num;
 	worker->back = outside_network_create(worker->base,
 		cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, 
 		cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, 
-		startport, cfg->do_tcp?cfg->outgoing_num_tcp:0, 
+		cfg->do_tcp?cfg->outgoing_num_tcp:0, 
 		worker->daemon->env->infra_cache, worker->rndstate,
 		cfg->use_caps_bits_for_id, worker->ports, worker->numports);
 	if(!worker->back) {

doc/Changelog

@@ -1,6 +1,8 @@
 11 April 2008: Wouter
 	- random port selection out of the configged ports.
 	- fixup threadsafety for libevent-1.4.3+ (event_base_get_method).
+	- removed base_port.
+	- created 256-port ephemeral space for the OS, 59802 available.
 
 10 April 2008: Wouter
 	- --with-libevent works with latest libevent 1.4.99-trunk.

doc/example.conf

@@ -48,15 +48,8 @@ server:
 	# outgoing-interface: 2001:DB8::5
 	# outgoing-interface: 2001:DB8::6
 
-	# unbound needs to send packets to authoritative nameservers.
-	# it uses a range of ports for that.
-	# the start number of the port range
-	# outgoing-port: 1053
-
-	# number of port to allocate per thread, determines the size of the
-	# port range. A larger port range gives more resistance to certain
-	# spoof attacks, as it gets harder to guess which port is used. 
-	# But also takes more system resources (for open sockets).
+	# number of ports to allocate per thread, determines the size of the
+	# port range that can be open simultaneously. 
 	# outgoing-range: 256
 	
 	# permit unbound to use this port number or port range for

doc/unbound.conf.5

@@ -122,20 +122,16 @@ and
 lines, the interfaces are then used for both purposes. Outgoing queries are 
 sent via a random outgoing interface to counter spoofing.
 .TP
-.B outgoing\-port: \fI<port number>
-The starting port number where the outgoing query port range is allocated.
-Default is 1053.
-.TP
 .B outgoing\-range: \fI<number>
-Number of ports to open. This number is opened per thread for every outgoing
-query interface. Must be at least 1. Default is 256.
-Larger numbers give more protection against spoofing attempts, but need
-extra resources from the operating system.
+Number of ports to open. This number of file descriptors can be opened per 
+thread. Must be at least 1. Default is 256. Larger numbers need extra 
+resources from the operating system.
 .TP
 .B outgoing\-port\-permit: \fI<port number or range>
 Permit unbound to open this port or range of ports for use to send queries.
-Make sure these ports are not needed by other daemons. By default only
-ports above 1024 that have not been assigned by IANA are used.
+A larger number of permitted outgoing ports increases resilience against
+spoofing attempts. Make sure these ports are not needed by other daemons. 
+By default only ports above 1024 that have not been assigned by IANA are used.
 Give a port number or a range of the form "low-high", without spaces.
 .TP
 .B outgoing\-port\-avoid: \fI<port number or range>

libunbound/libworker.c

@@ -158,7 +158,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg)
 	}
 	w->back = outside_network_create(w->base, cfg->msg_buffer_size,
 		(size_t)cfg->outgoing_num_ports, cfg->out_ifs,
-		cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, -1, 
+		cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, 
 		cfg->do_tcp?cfg->outgoing_num_tcp:0,
 		w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
 		ports, numports);

services/outside_network.c

@@ -62,7 +62,7 @@
 /** number of times to retry making a random ID that is unique. */
 #define MAX_ID_RETRY 1000
 /** number of times to retry finding interface, port that can be opened. */
-#define MAX_PORT_RETRY 1000
+#define MAX_PORT_RETRY 10000
 /** number of retries on outgoing UDP queries */
 #define OUTBOUND_UDP_RETRY 1
 
@@ -422,7 +422,7 @@ static int setup_if(struct port_if* pif, const char* addrstr,
 struct outside_network* 
 outside_network_create(struct comm_base *base, size_t bufsize, 
 	size_t num_ports, char** ifs, int num_ifs, int do_ip4, 
-	int do_ip6, int port_base, size_t num_tcp, struct infra_cache* infra,
+	int do_ip6, size_t num_tcp, struct infra_cache* infra,
 	struct ub_randstate* rnd, int use_caps_for_id, int* availports, 
 	int numavailports)
 {

services/outside_network.h

@@ -320,8 +320,6 @@ struct serviced_query {
  * @param num_ifs: number of names in array ifs.
  * @param do_ip4: service IP4.
  * @param do_ip6: service IP6.
- * @param port_base: if -1 system assigns ports, otherwise try to get
- *    the ports numbered from this starting number.
  * @param num_tcp: number of outgoing tcp buffers to preallocate.
  * @param infra: pointer to infra cached used for serviced queries.
  * @param rnd: stored to create random numbers for serviced queries.
@@ -332,9 +330,9 @@ struct serviced_query {
  */
 struct outside_network* outside_network_create(struct comm_base* base,
 	size_t bufsize, size_t num_ports, char** ifs, int num_ifs,
-	int do_ip4, int do_ip6, int port_base, size_t num_tcp, 
-	struct infra_cache* infra, struct ub_randstate* rnd,
-	int use_caps_for_id, int* availports, int numavailports);
+	int do_ip4, int do_ip6, size_t num_tcp, struct infra_cache* infra, 
+	struct ub_randstate* rnd, int use_caps_for_id, int* availports, 
+	int numavailports);
 
 /**
  * Delete outside_network structure.

testcode/fake_event.c

@@ -684,8 +684,8 @@ struct outside_network*
 outside_network_create(struct comm_base* base, size_t bufsize, 
 	size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), 
 	int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), 
-	int ATTR_UNUSED(do_ip6), int ATTR_UNUSED(port_base),
-	size_t ATTR_UNUSED(num_tcp), struct infra_cache* ATTR_UNUSED(infra),
+	int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), 
+	struct infra_cache* ATTR_UNUSED(infra),
 	struct ub_randstate* ATTR_UNUSED(rnd), 
 	int ATTR_UNUSED(use_caps_for_id), int* ATTR_UNUSED(availports),
 	int ATTR_UNUSED(numavailports))

util/config_file.c

@@ -82,7 +82,6 @@ config_create()
 	cfg->do_udp = 1;
 	cfg->do_tcp = 1;
 	cfg->use_syslog = 1;
-	cfg->outgoing_base_port = cfg->port + 2000;
 	cfg->outgoing_num_ports = 256;
 	cfg->outgoing_num_tcp = 10;
 	cfg->incoming_num_tcp = 10;
@@ -213,12 +212,15 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	} else if(strcmp(opt, "do-tcp:") == 0) {
 		IS_YES_OR_NO;
 		cfg->do_tcp = (strcmp(val, "yes") == 0);
-	} else if(strcmp(opt, "outgoing-port:") == 0) {
-		IS_NUMBER_OR_ZERO;
-		cfg->outgoing_base_port = atoi(val);
 	} else if(strcmp(opt, "outgoing-range:") == 0) {
 		IS_NONZERO_NUMBER;
 		cfg->outgoing_num_ports = atoi(val);
+	} else if(strcmp(opt, "outgoing-port-permit:") == 0) {
+		return cfg_mark_ports(val, 1, 
+			cfg->outgoing_avail_ports, 65536);
+	} else if(strcmp(opt, "outgoing-port-avoid:") == 0) {
+		return cfg_mark_ports(val, 0, 
+			cfg->outgoing_avail_ports, 65536);
 	} else if(strcmp(opt, "outgoing-num-tcp:") == 0) {
 		IS_NUMBER_OR_ZERO;
 		cfg->outgoing_num_tcp = (size_t)atoi(val);
@@ -465,6 +467,10 @@ init_outgoing_availports(int* a, int num)
 	for(i=1024; i<num; i++) {
 		a[i] = i;
 	}
+	/* create empty spot at 49152 to keep ephemeral ports available 
+	 * to other programs */
+	for(i=49152; i<49152+256; i++)
+		a[i] = 0;
 	/* pick out all the IANA assigned ports */
 	for(i=0; iana_assigned[i]!=-1; i++) {
 		if(iana_assigned[i] < num)

util/config_file.h

@@ -72,9 +72,7 @@ struct config_file {
 	/** do tcp query support. */
 	int do_tcp;
 
-	/** outgoing port range base number */
-	int outgoing_base_port;
-	/** outgoing port range number of ports (per thread, per if) */
+	/** outgoing port range number of ports (per thread) */
 	int outgoing_num_ports;
 	/** number of outgoing tcp buffers per (per thread) */
 	size_t outgoing_num_tcp;

util/configlexer.lex

@@ -103,7 +103,6 @@ server{COLON}		{ YDOUT; return VAR_SERVER;}
 num-threads{COLON}	{ YDOUT; return VAR_NUM_THREADS;}
 verbosity{COLON}	{ YDOUT; return VAR_VERBOSITY;}
 port{COLON}		{ YDOUT; return VAR_PORT;}
-outgoing-port{COLON}	{ YDOUT; return VAR_OUTGOING_PORT;}
 outgoing-range{COLON}	{ YDOUT; return VAR_OUTGOING_RANGE;}
 outgoing-port-permit{COLON}	{ YDOUT; return VAR_OUTGOING_PORT_PERMIT;}
 outgoing-port-avoid{COLON}	{ YDOUT; return VAR_OUTGOING_PORT_AVOID;}

util/configparser.h

@@ -51,74 +51,73 @@
      VAR_VERBOSITY = 267,
      VAR_NUM_THREADS = 268,
      VAR_PORT = 269,
-     VAR_OUTGOING_PORT = 270,
-     VAR_OUTGOING_RANGE = 271,
-     VAR_INTERFACE = 272,
-     VAR_DO_IP4 = 273,
-     VAR_DO_IP6 = 274,
-     VAR_DO_UDP = 275,
-     VAR_DO_TCP = 276,
-     VAR_CHROOT = 277,
-     VAR_USERNAME = 278,
-     VAR_DIRECTORY = 279,
-     VAR_LOGFILE = 280,
-     VAR_PIDFILE = 281,
-     VAR_MSG_CACHE_SIZE = 282,
-     VAR_MSG_CACHE_SLABS = 283,
-     VAR_NUM_QUERIES_PER_THREAD = 284,
-     VAR_RRSET_CACHE_SIZE = 285,
-     VAR_RRSET_CACHE_SLABS = 286,
-     VAR_OUTGOING_NUM_TCP = 287,
-     VAR_INFRA_HOST_TTL = 288,
-     VAR_INFRA_LAME_TTL = 289,
-     VAR_INFRA_CACHE_SLABS = 290,
-     VAR_INFRA_CACHE_NUMHOSTS = 291,
-     VAR_INFRA_CACHE_LAME_SIZE = 292,
-     VAR_NAME = 293,
-     VAR_STUB_ZONE = 294,
-     VAR_STUB_HOST = 295,
-     VAR_STUB_ADDR = 296,
-     VAR_TARGET_FETCH_POLICY = 297,
-     VAR_HARDEN_SHORT_BUFSIZE = 298,
-     VAR_HARDEN_LARGE_QUERIES = 299,
-     VAR_FORWARD_ZONE = 300,
-     VAR_FORWARD_HOST = 301,
-     VAR_FORWARD_ADDR = 302,
-     VAR_DO_NOT_QUERY_ADDRESS = 303,
-     VAR_HIDE_IDENTITY = 304,
-     VAR_HIDE_VERSION = 305,
-     VAR_IDENTITY = 306,
-     VAR_VERSION = 307,
-     VAR_HARDEN_GLUE = 308,
-     VAR_MODULE_CONF = 309,
-     VAR_TRUST_ANCHOR_FILE = 310,
-     VAR_TRUST_ANCHOR = 311,
-     VAR_VAL_OVERRIDE_DATE = 312,
-     VAR_BOGUS_TTL = 313,
-     VAR_VAL_CLEAN_ADDITIONAL = 314,
-     VAR_VAL_PERMISSIVE_MODE = 315,
-     VAR_INCOMING_NUM_TCP = 316,
-     VAR_MSG_BUFFER_SIZE = 317,
-     VAR_KEY_CACHE_SIZE = 318,
-     VAR_KEY_CACHE_SLABS = 319,
-     VAR_TRUSTED_KEYS_FILE = 320,
-     VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 321,
-     VAR_USE_SYSLOG = 322,
-     VAR_OUTGOING_INTERFACE = 323,
-     VAR_ROOT_HINTS = 324,
-     VAR_DO_NOT_QUERY_LOCALHOST = 325,
-     VAR_CACHE_MAX_TTL = 326,
-     VAR_HARDEN_DNNSEC_STRIPPED = 327,
-     VAR_ACCESS_CONTROL = 328,
-     VAR_LOCAL_ZONE = 329,
-     VAR_LOCAL_DATA = 330,
-     VAR_INTERFACE_AUTOMATIC = 331,
-     VAR_STATISTICS_INTERVAL = 332,
-     VAR_DO_DAEMONIZE = 333,
-     VAR_USE_CAPS_FOR_ID = 334,
-     VAR_STATISTICS_CUMULATIVE = 335,
-     VAR_OUTGOING_PORT_PERMIT = 336,
-     VAR_OUTGOING_PORT_AVOID = 337
+     VAR_OUTGOING_RANGE = 270,
+     VAR_INTERFACE = 271,
+     VAR_DO_IP4 = 272,
+     VAR_DO_IP6 = 273,
+     VAR_DO_UDP = 274,
+     VAR_DO_TCP = 275,
+     VAR_CHROOT = 276,
+     VAR_USERNAME = 277,
+     VAR_DIRECTORY = 278,
+     VAR_LOGFILE = 279,
+     VAR_PIDFILE = 280,
+     VAR_MSG_CACHE_SIZE = 281,
+     VAR_MSG_CACHE_SLABS = 282,
+     VAR_NUM_QUERIES_PER_THREAD = 283,
+     VAR_RRSET_CACHE_SIZE = 284,
+     VAR_RRSET_CACHE_SLABS = 285,
+     VAR_OUTGOING_NUM_TCP = 286,
+     VAR_INFRA_HOST_TTL = 287,
+     VAR_INFRA_LAME_TTL = 288,
+     VAR_INFRA_CACHE_SLABS = 289,
+     VAR_INFRA_CACHE_NUMHOSTS = 290,
+     VAR_INFRA_CACHE_LAME_SIZE = 291,
+     VAR_NAME = 292,
+     VAR_STUB_ZONE = 293,
+     VAR_STUB_HOST = 294,
+     VAR_STUB_ADDR = 295,
+     VAR_TARGET_FETCH_POLICY = 296,
+     VAR_HARDEN_SHORT_BUFSIZE = 297,
+     VAR_HARDEN_LARGE_QUERIES = 298,
+     VAR_FORWARD_ZONE = 299,
+     VAR_FORWARD_HOST = 300,
+     VAR_FORWARD_ADDR = 301,
+     VAR_DO_NOT_QUERY_ADDRESS = 302,
+     VAR_HIDE_IDENTITY = 303,
+     VAR_HIDE_VERSION = 304,
+     VAR_IDENTITY = 305,
+     VAR_VERSION = 306,
+     VAR_HARDEN_GLUE = 307,
+     VAR_MODULE_CONF = 308,
+     VAR_TRUST_ANCHOR_FILE = 309,
+     VAR_TRUST_ANCHOR = 310,
+     VAR_VAL_OVERRIDE_DATE = 311,
+     VAR_BOGUS_TTL = 312,
+     VAR_VAL_CLEAN_ADDITIONAL = 313,
+     VAR_VAL_PERMISSIVE_MODE = 314,
+     VAR_INCOMING_NUM_TCP = 315,
+     VAR_MSG_BUFFER_SIZE = 316,
+     VAR_KEY_CACHE_SIZE = 317,
+     VAR_KEY_CACHE_SLABS = 318,
+     VAR_TRUSTED_KEYS_FILE = 319,
+     VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 320,
+     VAR_USE_SYSLOG = 321,
+     VAR_OUTGOING_INTERFACE = 322,
+     VAR_ROOT_HINTS = 323,
+     VAR_DO_NOT_QUERY_LOCALHOST = 324,
+     VAR_CACHE_MAX_TTL = 325,
+     VAR_HARDEN_DNNSEC_STRIPPED = 326,
+     VAR_ACCESS_CONTROL = 327,
+     VAR_LOCAL_ZONE = 328,
+     VAR_LOCAL_DATA = 329,
+     VAR_INTERFACE_AUTOMATIC = 330,
+     VAR_STATISTICS_INTERVAL = 331,
+     VAR_DO_DAEMONIZE = 332,
+     VAR_USE_CAPS_FOR_ID = 333,
+     VAR_STATISTICS_CUMULATIVE = 334,
+     VAR_OUTGOING_PORT_PERMIT = 335,
+     VAR_OUTGOING_PORT_AVOID = 336
    };
 #endif
 /* Tokens.  */
@@ -134,74 +133,73 @@
 #define VAR_VERBOSITY 267
 #define VAR_NUM_THREADS 268
 #define VAR_PORT 269
-#define VAR_OUTGOING_PORT 270
-#define VAR_OUTGOING_RANGE 271
-#define VAR_INTERFACE 272
-#define VAR_DO_IP4 273
-#define VAR_DO_IP6 274
-#define VAR_DO_UDP 275
-#define VAR_DO_TCP 276
-#define VAR_CHROOT 277
-#define VAR_USERNAME 278
-#define VAR_DIRECTORY 279
-#define VAR_LOGFILE 280
-#define VAR_PIDFILE 281
-#define VAR_MSG_CACHE_SIZE 282
-#define VAR_MSG_CACHE_SLABS 283
-#define VAR_NUM_QUERIES_PER_THREAD 284
-#define VAR_RRSET_CACHE_SIZE 285
-#define VAR_RRSET_CACHE_SLABS 286
-#define VAR_OUTGOING_NUM_TCP 287
-#define VAR_INFRA_HOST_TTL 288
-#define VAR_INFRA_LAME_TTL 289
-#define VAR_INFRA_CACHE_SLABS 290
-#define VAR_INFRA_CACHE_NUMHOSTS 291
-#define VAR_INFRA_CACHE_LAME_SIZE 292
-#define VAR_NAME 293
-#define VAR_STUB_ZONE 294
-#define VAR_STUB_HOST 295
-#define VAR_STUB_ADDR 296
-#define VAR_TARGET_FETCH_POLICY 297
-#define VAR_HARDEN_SHORT_BUFSIZE 298
-#define VAR_HARDEN_LARGE_QUERIES 299
-#define VAR_FORWARD_ZONE 300
-#define VAR_FORWARD_HOST 301
-#define VAR_FORWARD_ADDR 302
-#define VAR_DO_NOT_QUERY_ADDRESS 303
-#define VAR_HIDE_IDENTITY 304
-#define VAR_HIDE_VERSION 305
-#define VAR_IDENTITY 306
-#define VAR_VERSION 307
-#define VAR_HARDEN_GLUE 308
-#define VAR_MODULE_CONF 309
-#define VAR_TRUST_ANCHOR_FILE 310
-#define VAR_TRUST_ANCHOR 311
-#define VAR_VAL_OVERRIDE_DATE 312
-#define VAR_BOGUS_TTL 313
-#define VAR_VAL_CLEAN_ADDITIONAL 314
-#define VAR_VAL_PERMISSIVE_MODE 315
-#define VAR_INCOMING_NUM_TCP 316
-#define VAR_MSG_BUFFER_SIZE 317
-#define VAR_KEY_CACHE_SIZE 318
-#define VAR_KEY_CACHE_SLABS 319
-#define VAR_TRUSTED_KEYS_FILE 320
-#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 321
-#define VAR_USE_SYSLOG 322
-#define VAR_OUTGOING_INTERFACE 323
-#define VAR_ROOT_HINTS 324
-#define VAR_DO_NOT_QUERY_LOCALHOST 325
-#define VAR_CACHE_MAX_TTL 326
-#define VAR_HARDEN_DNNSEC_STRIPPED 327
-#define VAR_ACCESS_CONTROL 328
-#define VAR_LOCAL_ZONE 329
-#define VAR_LOCAL_DATA 330
-#define VAR_INTERFACE_AUTOMATIC 331
-#define VAR_STATISTICS_INTERVAL 332
-#define VAR_DO_DAEMONIZE 333
-#define VAR_USE_CAPS_FOR_ID 334
-#define VAR_STATISTICS_CUMULATIVE 335
-#define VAR_OUTGOING_PORT_PERMIT 336
-#define VAR_OUTGOING_PORT_AVOID 337
+#define VAR_OUTGOING_RANGE 270
+#define VAR_INTERFACE 271
+#define VAR_DO_IP4 272
+#define VAR_DO_IP6 273
+#define VAR_DO_UDP 274
+#define VAR_DO_TCP 275
+#define VAR_CHROOT 276
+#define VAR_USERNAME 277
+#define VAR_DIRECTORY 278
+#define VAR_LOGFILE 279
+#define VAR_PIDFILE 280
+#define VAR_MSG_CACHE_SIZE 281
+#define VAR_MSG_CACHE_SLABS 282
+#define VAR_NUM_QUERIES_PER_THREAD 283
+#define VAR_RRSET_CACHE_SIZE 284
+#define VAR_RRSET_CACHE_SLABS 285
+#define VAR_OUTGOING_NUM_TCP 286
+#define VAR_INFRA_HOST_TTL 287
+#define VAR_INFRA_LAME_TTL 288
+#define VAR_INFRA_CACHE_SLABS 289
+#define VAR_INFRA_CACHE_NUMHOSTS 290
+#define VAR_INFRA_CACHE_LAME_SIZE 291
+#define VAR_NAME 292
+#define VAR_STUB_ZONE 293
+#define VAR_STUB_HOST 294
+#define VAR_STUB_ADDR 295
+#define VAR_TARGET_FETCH_POLICY 296
+#define VAR_HARDEN_SHORT_BUFSIZE 297
+#define VAR_HARDEN_LARGE_QUERIES 298
+#define VAR_FORWARD_ZONE 299
+#define VAR_FORWARD_HOST 300
+#define VAR_FORWARD_ADDR 301
+#define VAR_DO_NOT_QUERY_ADDRESS 302
+#define VAR_HIDE_IDENTITY 303
+#define VAR_HIDE_VERSION 304
+#define VAR_IDENTITY 305
+#define VAR_VERSION 306
+#define VAR_HARDEN_GLUE 307
+#define VAR_MODULE_CONF 308
+#define VAR_TRUST_ANCHOR_FILE 309
+#define VAR_TRUST_ANCHOR 310
+#define VAR_VAL_OVERRIDE_DATE 311
+#define VAR_BOGUS_TTL 312
+#define VAR_VAL_CLEAN_ADDITIONAL 313
+#define VAR_VAL_PERMISSIVE_MODE 314
+#define VAR_INCOMING_NUM_TCP 315
+#define VAR_MSG_BUFFER_SIZE 316
+#define VAR_KEY_CACHE_SIZE 317
+#define VAR_KEY_CACHE_SLABS 318
+#define VAR_TRUSTED_KEYS_FILE 319
+#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 320
+#define VAR_USE_SYSLOG 321
+#define VAR_OUTGOING_INTERFACE 322
+#define VAR_ROOT_HINTS 323
+#define VAR_DO_NOT_QUERY_LOCALHOST 324
+#define VAR_CACHE_MAX_TTL 325
+#define VAR_HARDEN_DNNSEC_STRIPPED 326
+#define VAR_ACCESS_CONTROL 327
+#define VAR_LOCAL_ZONE 328
+#define VAR_LOCAL_DATA 329
+#define VAR_INTERFACE_AUTOMATIC 330
+#define VAR_STATISTICS_INTERVAL 331
+#define VAR_DO_DAEMONIZE 332
+#define VAR_USE_CAPS_FOR_ID 333
+#define VAR_STATISTICS_CUMULATIVE 334
+#define VAR_OUTGOING_PORT_PERMIT 335
+#define VAR_OUTGOING_PORT_AVOID 336
 
 
 
@@ -213,7 +211,7 @@ typedef union YYSTYPE
 	char*	str;
 }
 /* Line 1489 of yacc.c.  */
-#line 217 "util/configparser.h"
+#line 215 "util/configparser.h"
 	YYSTYPE;
 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
 # define YYSTYPE_IS_DECLARED 1

util/configparser.y

@@ -68,7 +68,7 @@ extern struct config_parser_state* cfg_parser;
 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
 %token <str> STRING
 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
-%token VAR_OUTGOING_PORT VAR_OUTGOING_RANGE VAR_INTERFACE
+%token VAR_OUTGOING_RANGE VAR_INTERFACE
 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_UDP VAR_DO_TCP 
 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
@@ -107,7 +107,7 @@ serverstart: VAR_SERVER
 contents_server: contents_server content_server 
 	| ;
 content_server: server_num_threads | server_verbosity | server_port |
-	server_outgoing_port | server_outgoing_range | server_do_ip4 |
+	server_outgoing_range | server_do_ip4 |
 	server_do_ip6 | server_do_udp | server_do_tcp | 
 	server_interface | server_chroot | server_username | 
 	server_directory | server_logfile | server_pidfile |
@@ -241,15 +241,6 @@ server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING
 				cfg_parser->cfg->num_out_ifs++] = $2;
 	}
 	;
-server_outgoing_port: VAR_OUTGOING_PORT STRING
-	{
-		OUTYY(("P(server_outgoing_port:%s)\n", $2));
-		if(atoi($2) == 0)
-			yyerror("port number expected");
-		else cfg_parser->cfg->outgoing_base_port = atoi($2);
-		free($2);
-	}
-	;
 server_outgoing_range: VAR_OUTGOING_RANGE STRING
 	{
 		OUTYY(("P(server_outgoing_range:%s)\n", $2));