- Fix #4154: make ECS_MAX_TREESIZE configurable, with
the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options. git-svn-id: file:///svn/unbound/trunk@4945 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
6bd4060ae0
commit
5fec1c8b1f
10 changed files with 3709 additions and 3576 deletions
|
|
@ -3,6 +3,8 @@
|
||||||
group.
|
group.
|
||||||
- check that the dnstap socket file can be opened and exists, print
|
- check that the dnstap socket file can be opened and exists, print
|
||||||
error if not.
|
error if not.
|
||||||
|
- Fix #4154: make ECS_MAX_TREESIZE configurable, with
|
||||||
|
the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
|
||||||
|
|
||||||
22 October 2018: Ralph
|
22 October 2018: Ralph
|
||||||
- Change fast-server-num default to 3.
|
- Change fast-server-num default to 3.
|
||||||
|
|
|
||||||
|
|
@ -1841,6 +1841,14 @@ to expose to third parties for IPv6. Defaults to 56.
|
||||||
.B max\-client\-subnet\-ipv4: \fI<number>\fR
|
.B max\-client\-subnet\-ipv4: \fI<number>\fR
|
||||||
Specifies the maximum prefix length of the client source address we are willing
|
Specifies the maximum prefix length of the client source address we are willing
|
||||||
to expose to third parties for IPv4. Defaults to 24.
|
to expose to third parties for IPv4. Defaults to 24.
|
||||||
|
.TP
|
||||||
|
.B max\-ecs\-tree\-size\-ipv4: \fI<number>\fR
|
||||||
|
Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
|
||||||
|
This number applies for each qname/qclass/qtype tuple. Defaults to 100.
|
||||||
|
.TP
|
||||||
|
.B max\-ecs\-tree\-size\-ipv6: \fI<number>\fR
|
||||||
|
Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
|
||||||
|
This number applies for each qname/qclass/qtype tuple. Defaults to 100.
|
||||||
.SS "Opportunistic IPsec Support Module Options"
|
.SS "Opportunistic IPsec Support Module Options"
|
||||||
.LP
|
.LP
|
||||||
The IPsec module must be configured in the \fBmodule\-config:\fR "ipsecmod
|
The IPsec module must be configured in the \fBmodule\-config:\fR "ipsecmod
|
||||||
|
|
|
||||||
|
|
@ -56,8 +56,6 @@
|
||||||
#include "util/data/msgreply.h"
|
#include "util/data/msgreply.h"
|
||||||
#include "sldns/sbuffer.h"
|
#include "sldns/sbuffer.h"
|
||||||
|
|
||||||
#define ECS_MAX_TREESIZE 100
|
|
||||||
|
|
||||||
/** externally called */
|
/** externally called */
|
||||||
void
|
void
|
||||||
subnet_data_delete(void *d, void *ATTR_UNUSED(arg))
|
subnet_data_delete(void *d, void *ATTR_UNUSED(arg))
|
||||||
|
|
@ -291,13 +289,13 @@ get_tree(struct subnet_msg_cache_data *data, struct ecs_data *edns,
|
||||||
if (!data->tree4)
|
if (!data->tree4)
|
||||||
data->tree4 = addrtree_create(
|
data->tree4 = addrtree_create(
|
||||||
cfg->max_client_subnet_ipv4, &delfunc,
|
cfg->max_client_subnet_ipv4, &delfunc,
|
||||||
&sizefunc, env, ECS_MAX_TREESIZE);
|
&sizefunc, env, cfg->max_ecs_tree_size_ipv4);
|
||||||
tree = data->tree4;
|
tree = data->tree4;
|
||||||
} else {
|
} else {
|
||||||
if (!data->tree6)
|
if (!data->tree6)
|
||||||
data->tree6 = addrtree_create(
|
data->tree6 = addrtree_create(
|
||||||
cfg->max_client_subnet_ipv6, &delfunc,
|
cfg->max_client_subnet_ipv6, &delfunc,
|
||||||
&sizefunc, env, ECS_MAX_TREESIZE);
|
&sizefunc, env, cfg->max_ecs_tree_size_ipv6);
|
||||||
tree = data->tree6;
|
tree = data->tree6;
|
||||||
}
|
}
|
||||||
return tree;
|
return tree;
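Review bot: The two `addrtree_create(...)` calls in `get_tree` now take their node limit from configuration, so a limit of 0 can reach them where the old constant was always 100; the parser added in this commit stores 0 both for a literal `0` and for any negative value. What `addrtree_create` does with a zero limit is not visible on this page, and if it means "no limit", the per-qname/qclass/qtype cap on cached ECS answers disappears silently. I would document the zero case at the call site, for example `/* max_ecs_tree_size_ipv4 may be 0 here; see addrtree_create for the meaning of a zero node limit */`, or reject 0 when the configuration is read. The limit is also only applied when a tree is first created (`if (!data->tree4)`), so trees that already exist presumably keep their earlier limit. `get_tree` starts and ends outside this hunk.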
|
||||||
|
|
|
||||||
|
|
@ -194,6 +194,8 @@ config_create(void)
|
||||||
cfg->client_subnet_always_forward = 0;
|
cfg->client_subnet_always_forward = 0;
|
||||||
cfg->max_client_subnet_ipv4 = 24;
|
cfg->max_client_subnet_ipv4 = 24;
|
||||||
cfg->max_client_subnet_ipv6 = 56;
|
cfg->max_client_subnet_ipv6 = 56;
|
||||||
|
cfg->max_ecs_tree_size_ipv4 = 100;
|
||||||
|
cfg->max_ecs_tree_size_ipv6 = 100;
|
||||||
#endif
|
#endif
|
||||||
cfg->views = NULL;
|
cfg->views = NULL;
|
||||||
cfg->acls = NULL;
|
cfg->acls = NULL;
|
||||||
|
|
@ -682,7 +684,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||||
* ratelimit-for-domain, ratelimit-below-domain,
|
* ratelimit-for-domain, ratelimit-below-domain,
|
||||||
* local-zone-tag, access-control-view,
|
* local-zone-tag, access-control-view,
|
||||||
* send-client-subnet, client-subnet-always-forward,
|
* send-client-subnet, client-subnet-always-forward,
|
||||||
* max-client-subnet-ipv4, max-client-subnet-ipv6, ipsecmod_hook,
|
* max-client-subnet-ipv4, max-client-subnet-ipv6,
|
||||||
|
* max-ecs-tree-size-ipv4, max-ecs-tree-size-ipv6, ipsecmod_hook,
|
||||||
* ipsecmod_whitelist. */
|
* ipsecmod_whitelist. */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
@ -981,6 +984,8 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||||
else O_LST(opt, "client-subnet-zone", client_subnet_zone)
|
else O_LST(opt, "client-subnet-zone", client_subnet_zone)
|
||||||
else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4)
|
else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4)
|
||||||
else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6)
|
else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6)
|
||||||
|
else O_DEC(opt, "max-ecs-tree-size-ipv4", max_ecs_tree_size_ipv4)
|
||||||
|
else O_DEC(opt, "max-ecs-tree-size-ipv6", max_ecs_tree_size_ipv6)
|
||||||
else O_YNO(opt, "client-subnet-always-forward:",
|
else O_YNO(opt, "client-subnet-always-forward:",
|
||||||
client_subnet_always_forward)
|
client_subnet_always_forward)
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
|
|
@ -215,6 +215,9 @@ struct config_file {
|
||||||
/** Subnet length we are willing to give up privacy for */
|
/** Subnet length we are willing to give up privacy for */
|
||||||
uint8_t max_client_subnet_ipv4;
|
uint8_t max_client_subnet_ipv4;
|
||||||
uint8_t max_client_subnet_ipv6;
|
uint8_t max_client_subnet_ipv6;
|
||||||
|
/** Max number of nodes in the ECS radix tree */
|
||||||
|
uint32_t max_ecs_tree_size_ipv4;
|
||||||
|
uint32_t max_ecs_tree_size_ipv6;
|
||||||
#endif
|
#endif
|
||||||
/** list of access control entries, linked list */
|
/** list of access control entries, linked list */
|
||||||
struct config_str2list* acls;
|
struct config_str2list* acls;
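Review bot: The new doc comment `/** Max number of nodes in the ECS radix tree */` sits only above `max_ecs_tree_size_ipv4`, and it describes the limit differently from the man page text in this same commit, which speaks of "subnets ECS answers" kept per qname/qclass/qtype tuple. I would give each field its own comment and state the scope and the zero case, for example `/** Max number of nodes in the IPv4 ECS radix tree, per qname/qclass/qtype; 0 is accepted by the parser */`, with a matching line for IPv6. The limit bounds cache memory, so a reader needs to know that it applies per tuple and not globally.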
|
||||||
|
|
|
||||||
4101
util/configlexer.c
4101
util/configlexer.c
File diff suppressed because it is too large
|
|
@ -331,6 +331,8 @@ client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD)
|
||||||
client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) }
|
client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) }
|
||||||
max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) }
|
max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) }
|
||||||
max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) }
|
max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) }
|
||||||
|
max-ecs-tree-size-ipv4{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) }
|
||||||
|
max-ecs-tree-size-ipv6{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) }
|
||||||
hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
|
hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
|
||||||
hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
|
hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
|
||||||
hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
|
hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
|
||||||
|
|
|
||||||
2694
util/configparser.c
2694
util/configparser.c
File diff suppressed because it is too large
|
|
@ -228,76 +228,78 @@ extern int yydebug;
|
||||||
VAR_CLIENT_SUBNET_OPCODE = 438,
|
VAR_CLIENT_SUBNET_OPCODE = 438,
|
||||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 439,
|
VAR_MAX_CLIENT_SUBNET_IPV4 = 439,
|
||||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 440,
|
VAR_MAX_CLIENT_SUBNET_IPV6 = 440,
|
||||||
VAR_CAPS_WHITELIST = 441,
|
VAR_MAX_ECS_TREE_SIZE_IPV4 = 441,
|
||||||
VAR_CACHE_MAX_NEGATIVE_TTL = 442,
|
VAR_MAX_ECS_TREE_SIZE_IPV6 = 442,
|
||||||
VAR_PERMIT_SMALL_HOLDDOWN = 443,
|
VAR_CAPS_WHITELIST = 443,
|
||||||
VAR_QNAME_MINIMISATION = 444,
|
VAR_CACHE_MAX_NEGATIVE_TTL = 444,
|
||||||
VAR_QNAME_MINIMISATION_STRICT = 445,
|
VAR_PERMIT_SMALL_HOLDDOWN = 445,
|
||||||
VAR_IP_FREEBIND = 446,
|
VAR_QNAME_MINIMISATION = 446,
|
||||||
VAR_DEFINE_TAG = 447,
|
VAR_QNAME_MINIMISATION_STRICT = 447,
|
||||||
VAR_LOCAL_ZONE_TAG = 448,
|
VAR_IP_FREEBIND = 448,
|
||||||
VAR_ACCESS_CONTROL_TAG = 449,
|
VAR_DEFINE_TAG = 449,
|
||||||
VAR_LOCAL_ZONE_OVERRIDE = 450,
|
VAR_LOCAL_ZONE_TAG = 450,
|
||||||
VAR_ACCESS_CONTROL_TAG_ACTION = 451,
|
VAR_ACCESS_CONTROL_TAG = 451,
|
||||||
VAR_ACCESS_CONTROL_TAG_DATA = 452,
|
VAR_LOCAL_ZONE_OVERRIDE = 452,
|
||||||
VAR_VIEW = 453,
|
VAR_ACCESS_CONTROL_TAG_ACTION = 453,
|
||||||
VAR_ACCESS_CONTROL_VIEW = 454,
|
VAR_ACCESS_CONTROL_TAG_DATA = 454,
|
||||||
VAR_VIEW_FIRST = 455,
|
VAR_VIEW = 455,
|
||||||
VAR_SERVE_EXPIRED = 456,
|
VAR_ACCESS_CONTROL_VIEW = 456,
|
||||||
VAR_SERVE_EXPIRED_TTL = 457,
|
VAR_VIEW_FIRST = 457,
|
||||||
VAR_SERVE_EXPIRED_TTL_RESET = 458,
|
VAR_SERVE_EXPIRED = 458,
|
||||||
VAR_FAKE_DSA = 459,
|
VAR_SERVE_EXPIRED_TTL = 459,
|
||||||
VAR_FAKE_SHA1 = 460,
|
VAR_SERVE_EXPIRED_TTL_RESET = 460,
|
||||||
VAR_LOG_IDENTITY = 461,
|
VAR_FAKE_DSA = 461,
|
||||||
VAR_HIDE_TRUSTANCHOR = 462,
|
VAR_FAKE_SHA1 = 462,
|
||||||
VAR_TRUST_ANCHOR_SIGNALING = 463,
|
VAR_LOG_IDENTITY = 463,
|
||||||
VAR_AGGRESSIVE_NSEC = 464,
|
VAR_HIDE_TRUSTANCHOR = 464,
|
||||||
VAR_USE_SYSTEMD = 465,
|
VAR_TRUST_ANCHOR_SIGNALING = 465,
|
||||||
VAR_SHM_ENABLE = 466,
|
VAR_AGGRESSIVE_NSEC = 466,
|
||||||
VAR_SHM_KEY = 467,
|
VAR_USE_SYSTEMD = 467,
|
||||||
VAR_ROOT_KEY_SENTINEL = 468,
|
VAR_SHM_ENABLE = 468,
|
||||||
VAR_DNSCRYPT = 469,
|
VAR_SHM_KEY = 469,
|
||||||
VAR_DNSCRYPT_ENABLE = 470,
|
VAR_ROOT_KEY_SENTINEL = 470,
|
||||||
VAR_DNSCRYPT_PORT = 471,
|
VAR_DNSCRYPT = 471,
|
||||||
VAR_DNSCRYPT_PROVIDER = 472,
|
VAR_DNSCRYPT_ENABLE = 472,
|
||||||
VAR_DNSCRYPT_SECRET_KEY = 473,
|
VAR_DNSCRYPT_PORT = 473,
|
||||||
VAR_DNSCRYPT_PROVIDER_CERT = 474,
|
VAR_DNSCRYPT_PROVIDER = 474,
|
||||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 475,
|
VAR_DNSCRYPT_SECRET_KEY = 475,
|
||||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 476,
|
VAR_DNSCRYPT_PROVIDER_CERT = 476,
|
||||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 477,
|
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 477,
|
||||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 478,
|
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 478,
|
||||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 479,
|
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 479,
|
||||||
VAR_IPSECMOD_ENABLED = 480,
|
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 480,
|
||||||
VAR_IPSECMOD_HOOK = 481,
|
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 481,
|
||||||
VAR_IPSECMOD_IGNORE_BOGUS = 482,
|
VAR_IPSECMOD_ENABLED = 482,
|
||||||
VAR_IPSECMOD_MAX_TTL = 483,
|
VAR_IPSECMOD_HOOK = 483,
|
||||||
VAR_IPSECMOD_WHITELIST = 484,
|
VAR_IPSECMOD_IGNORE_BOGUS = 484,
|
||||||
VAR_IPSECMOD_STRICT = 485,
|
VAR_IPSECMOD_MAX_TTL = 485,
|
||||||
VAR_CACHEDB = 486,
|
VAR_IPSECMOD_WHITELIST = 486,
|
||||||
VAR_CACHEDB_BACKEND = 487,
|
VAR_IPSECMOD_STRICT = 487,
|
||||||
VAR_CACHEDB_SECRETSEED = 488,
|
VAR_CACHEDB = 488,
|
||||||
VAR_CACHEDB_REDISHOST = 489,
|
VAR_CACHEDB_BACKEND = 489,
|
||||||
VAR_CACHEDB_REDISPORT = 490,
|
VAR_CACHEDB_SECRETSEED = 490,
|
||||||
VAR_CACHEDB_REDISTIMEOUT = 491,
|
VAR_CACHEDB_REDISHOST = 491,
|
||||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 492,
|
VAR_CACHEDB_REDISPORT = 492,
|
||||||
VAR_FOR_UPSTREAM = 493,
|
VAR_CACHEDB_REDISTIMEOUT = 493,
|
||||||
VAR_AUTH_ZONE = 494,
|
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 494,
|
||||||
VAR_ZONEFILE = 495,
|
VAR_FOR_UPSTREAM = 495,
|
||||||
VAR_MASTER = 496,
|
VAR_AUTH_ZONE = 496,
|
||||||
VAR_URL = 497,
|
VAR_ZONEFILE = 497,
|
||||||
VAR_FOR_DOWNSTREAM = 498,
|
VAR_MASTER = 498,
|
||||||
VAR_FALLBACK_ENABLED = 499,
|
VAR_URL = 499,
|
||||||
VAR_TLS_ADDITIONAL_PORT = 500,
|
VAR_FOR_DOWNSTREAM = 500,
|
||||||
VAR_LOW_RTT = 501,
|
VAR_FALLBACK_ENABLED = 501,
|
||||||
VAR_LOW_RTT_PERMIL = 502,
|
VAR_TLS_ADDITIONAL_PORT = 502,
|
||||||
VAR_FAST_SERVER_PERMIL = 503,
|
VAR_LOW_RTT = 503,
|
||||||
VAR_FAST_SERVER_NUM = 504,
|
VAR_LOW_RTT_PERMIL = 504,
|
||||||
VAR_ALLOW_NOTIFY = 505,
|
VAR_FAST_SERVER_PERMIL = 505,
|
||||||
VAR_TLS_WIN_CERT = 506,
|
VAR_FAST_SERVER_NUM = 506,
|
||||||
VAR_TCP_CONNECTION_LIMIT = 507,
|
VAR_ALLOW_NOTIFY = 507,
|
||||||
VAR_FORWARD_NO_CACHE = 508,
|
VAR_TLS_WIN_CERT = 508,
|
||||||
VAR_STUB_NO_CACHE = 509,
|
VAR_TCP_CONNECTION_LIMIT = 509,
|
||||||
VAR_LOG_SERVFAIL = 510
|
VAR_FORWARD_NO_CACHE = 510,
|
||||||
|
VAR_STUB_NO_CACHE = 511,
|
||||||
|
VAR_LOG_SERVFAIL = 512
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
/* Tokens. */
|
/* Tokens. */
|
||||||
|
|
@ -484,76 +486,78 @@ extern int yydebug;
|
||||||
#define VAR_CLIENT_SUBNET_OPCODE 438
|
#define VAR_CLIENT_SUBNET_OPCODE 438
|
||||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 439
|
#define VAR_MAX_CLIENT_SUBNET_IPV4 439
|
||||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 440
|
#define VAR_MAX_CLIENT_SUBNET_IPV6 440
|
||||||
#define VAR_CAPS_WHITELIST 441
|
#define VAR_MAX_ECS_TREE_SIZE_IPV4 441
|
||||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 442
|
#define VAR_MAX_ECS_TREE_SIZE_IPV6 442
|
||||||
#define VAR_PERMIT_SMALL_HOLDDOWN 443
|
#define VAR_CAPS_WHITELIST 443
|
||||||
#define VAR_QNAME_MINIMISATION 444
|
#define VAR_CACHE_MAX_NEGATIVE_TTL 444
|
||||||
#define VAR_QNAME_MINIMISATION_STRICT 445
|
#define VAR_PERMIT_SMALL_HOLDDOWN 445
|
||||||
#define VAR_IP_FREEBIND 446
|
#define VAR_QNAME_MINIMISATION 446
|
||||||
#define VAR_DEFINE_TAG 447
|
#define VAR_QNAME_MINIMISATION_STRICT 447
|
||||||
#define VAR_LOCAL_ZONE_TAG 448
|
#define VAR_IP_FREEBIND 448
|
||||||
#define VAR_ACCESS_CONTROL_TAG 449
|
#define VAR_DEFINE_TAG 449
|
||||||
#define VAR_LOCAL_ZONE_OVERRIDE 450
|
#define VAR_LOCAL_ZONE_TAG 450
|
||||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 451
|
#define VAR_ACCESS_CONTROL_TAG 451
|
||||||
#define VAR_ACCESS_CONTROL_TAG_DATA 452
|
#define VAR_LOCAL_ZONE_OVERRIDE 452
|
||||||
#define VAR_VIEW 453
|
#define VAR_ACCESS_CONTROL_TAG_ACTION 453
|
||||||
#define VAR_ACCESS_CONTROL_VIEW 454
|
#define VAR_ACCESS_CONTROL_TAG_DATA 454
|
||||||
#define VAR_VIEW_FIRST 455
|
#define VAR_VIEW 455
|
||||||
#define VAR_SERVE_EXPIRED 456
|
#define VAR_ACCESS_CONTROL_VIEW 456
|
||||||
#define VAR_SERVE_EXPIRED_TTL 457
|
#define VAR_VIEW_FIRST 457
|
||||||
#define VAR_SERVE_EXPIRED_TTL_RESET 458
|
#define VAR_SERVE_EXPIRED 458
|
||||||
#define VAR_FAKE_DSA 459
|
#define VAR_SERVE_EXPIRED_TTL 459
|
||||||
#define VAR_FAKE_SHA1 460
|
#define VAR_SERVE_EXPIRED_TTL_RESET 460
|
||||||
#define VAR_LOG_IDENTITY 461
|
#define VAR_FAKE_DSA 461
|
||||||
#define VAR_HIDE_TRUSTANCHOR 462
|
#define VAR_FAKE_SHA1 462
|
||||||
#define VAR_TRUST_ANCHOR_SIGNALING 463
|
#define VAR_LOG_IDENTITY 463
|
||||||
#define VAR_AGGRESSIVE_NSEC 464
|
#define VAR_HIDE_TRUSTANCHOR 464
|
||||||
#define VAR_USE_SYSTEMD 465
|
#define VAR_TRUST_ANCHOR_SIGNALING 465
|
||||||
#define VAR_SHM_ENABLE 466
|
#define VAR_AGGRESSIVE_NSEC 466
|
||||||
#define VAR_SHM_KEY 467
|
#define VAR_USE_SYSTEMD 467
|
||||||
#define VAR_ROOT_KEY_SENTINEL 468
|
#define VAR_SHM_ENABLE 468
|
||||||
#define VAR_DNSCRYPT 469
|
#define VAR_SHM_KEY 469
|
||||||
#define VAR_DNSCRYPT_ENABLE 470
|
#define VAR_ROOT_KEY_SENTINEL 470
|
||||||
#define VAR_DNSCRYPT_PORT 471
|
#define VAR_DNSCRYPT 471
|
||||||
#define VAR_DNSCRYPT_PROVIDER 472
|
#define VAR_DNSCRYPT_ENABLE 472
|
||||||
#define VAR_DNSCRYPT_SECRET_KEY 473
|
#define VAR_DNSCRYPT_PORT 473
|
||||||
#define VAR_DNSCRYPT_PROVIDER_CERT 474
|
#define VAR_DNSCRYPT_PROVIDER 474
|
||||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 475
|
#define VAR_DNSCRYPT_SECRET_KEY 475
|
||||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 476
|
#define VAR_DNSCRYPT_PROVIDER_CERT 476
|
||||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 477
|
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 477
|
||||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 478
|
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 478
|
||||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 479
|
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 479
|
||||||
#define VAR_IPSECMOD_ENABLED 480
|
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 480
|
||||||
#define VAR_IPSECMOD_HOOK 481
|
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 481
|
||||||
#define VAR_IPSECMOD_IGNORE_BOGUS 482
|
#define VAR_IPSECMOD_ENABLED 482
|
||||||
#define VAR_IPSECMOD_MAX_TTL 483
|
#define VAR_IPSECMOD_HOOK 483
|
||||||
#define VAR_IPSECMOD_WHITELIST 484
|
#define VAR_IPSECMOD_IGNORE_BOGUS 484
|
||||||
#define VAR_IPSECMOD_STRICT 485
|
#define VAR_IPSECMOD_MAX_TTL 485
|
||||||
#define VAR_CACHEDB 486
|
#define VAR_IPSECMOD_WHITELIST 486
|
||||||
#define VAR_CACHEDB_BACKEND 487
|
#define VAR_IPSECMOD_STRICT 487
|
||||||
#define VAR_CACHEDB_SECRETSEED 488
|
#define VAR_CACHEDB 488
|
||||||
#define VAR_CACHEDB_REDISHOST 489
|
#define VAR_CACHEDB_BACKEND 489
|
||||||
#define VAR_CACHEDB_REDISPORT 490
|
#define VAR_CACHEDB_SECRETSEED 490
|
||||||
#define VAR_CACHEDB_REDISTIMEOUT 491
|
#define VAR_CACHEDB_REDISHOST 491
|
||||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 492
|
#define VAR_CACHEDB_REDISPORT 492
|
||||||
#define VAR_FOR_UPSTREAM 493
|
#define VAR_CACHEDB_REDISTIMEOUT 493
|
||||||
#define VAR_AUTH_ZONE 494
|
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 494
|
||||||
#define VAR_ZONEFILE 495
|
#define VAR_FOR_UPSTREAM 495
|
||||||
#define VAR_MASTER 496
|
#define VAR_AUTH_ZONE 496
|
||||||
#define VAR_URL 497
|
#define VAR_ZONEFILE 497
|
||||||
#define VAR_FOR_DOWNSTREAM 498
|
#define VAR_MASTER 498
|
||||||
#define VAR_FALLBACK_ENABLED 499
|
#define VAR_URL 499
|
||||||
#define VAR_TLS_ADDITIONAL_PORT 500
|
#define VAR_FOR_DOWNSTREAM 500
|
||||||
#define VAR_LOW_RTT 501
|
#define VAR_FALLBACK_ENABLED 501
|
||||||
#define VAR_LOW_RTT_PERMIL 502
|
#define VAR_TLS_ADDITIONAL_PORT 502
|
||||||
#define VAR_FAST_SERVER_PERMIL 503
|
#define VAR_LOW_RTT 503
|
||||||
#define VAR_FAST_SERVER_NUM 504
|
#define VAR_LOW_RTT_PERMIL 504
|
||||||
#define VAR_ALLOW_NOTIFY 505
|
#define VAR_FAST_SERVER_PERMIL 505
|
||||||
#define VAR_TLS_WIN_CERT 506
|
#define VAR_FAST_SERVER_NUM 506
|
||||||
#define VAR_TCP_CONNECTION_LIMIT 507
|
#define VAR_ALLOW_NOTIFY 507
|
||||||
#define VAR_FORWARD_NO_CACHE 508
|
#define VAR_TLS_WIN_CERT 508
|
||||||
#define VAR_STUB_NO_CACHE 509
|
#define VAR_TCP_CONNECTION_LIMIT 509
|
||||||
#define VAR_LOG_SERVFAIL 510
|
#define VAR_FORWARD_NO_CACHE 510
|
||||||
|
#define VAR_STUB_NO_CACHE 511
|
||||||
|
#define VAR_LOG_SERVFAIL 512
|
||||||
|
|
||||||
/* Value type. */
|
/* Value type. */
|
||||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||||
|
|
@ -564,7 +568,7 @@ union YYSTYPE
|
||||||
|
|
||||||
char* str;
|
char* str;
|
||||||
|
|
||||||
#line 568 "util/configparser.h" /* yacc.c:1909 */
|
#line 572 "util/configparser.h" /* yacc.c:1909 */
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef union YYSTYPE YYSTYPE;
|
typedef union YYSTYPE YYSTYPE;
|
||||||
|
|
|
||||||
|
|
@ -135,6 +135,7 @@ extern struct config_parser_state* cfg_parser;
|
||||||
%token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
|
%token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
|
||||||
%token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
|
%token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
|
||||||
%token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
|
%token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
|
||||||
|
%token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
|
||||||
%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
|
%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
|
||||||
%token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
|
%token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
|
||||||
%token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
|
%token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
|
||||||
|
|
@ -238,6 +239,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
||||||
server_client_subnet_zone | server_client_subnet_always_forward |
|
server_client_subnet_zone | server_client_subnet_always_forward |
|
||||||
server_client_subnet_opcode |
|
server_client_subnet_opcode |
|
||||||
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
|
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
|
||||||
|
server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
|
||||||
server_caps_whitelist | server_cache_max_negative_ttl |
|
server_caps_whitelist | server_cache_max_negative_ttl |
|
||||||
server_permit_small_holddown | server_qname_minimisation |
|
server_permit_small_holddown | server_qname_minimisation |
|
||||||
server_ip_freebind | server_define_tag | server_local_zone_tag |
|
server_ip_freebind | server_define_tag | server_local_zone_tag |
|
||||||
|
|
@ -494,6 +496,36 @@ server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
|
||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
|
||||||
|
{
|
||||||
|
#ifdef CLIENT_SUBNET
|
||||||
|
OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
|
||||||
|
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||||
|
yyerror("IPv4 ECS tree size expected");
|
||||||
|
else if (atoi($2) < 0)
|
||||||
|
cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
|
||||||
|
else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
|
||||||
|
#else
|
||||||
|
OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
|
||||||
|
#endif
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
|
server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
|
||||||
|
{
|
||||||
|
#ifdef CLIENT_SUBNET
|
||||||
|
OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
|
||||||
|
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||||
|
yyerror("IPv6 ECS tree size expected");
|
||||||
|
else if (atoi($2) < 0)
|
||||||
|
cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
|
||||||
|
else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
|
||||||
|
#else
|
||||||
|
OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
|
||||||
|
#endif
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_interface: VAR_INTERFACE STRING_ARG
|
server_interface: VAR_INTERFACE STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(server_interface:%s)\n", $2));
|
OUTYY(("P(server_interface:%s)\n", $2));
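Review bot: The new `server_max_ecs_tree_size_ipv4` and `server_max_ecs_tree_size_ipv6` rules validate the value with `atoi`, which accepts trailing characters (`100abc` is read as 100) and has undefined behaviour on out-of-range input. A negative value is also silently stored as 0 instead of being reported, so a typo can change a memory-bounding limit without the operator noticing. I would parse once with `strtol`, check the end pointer and `errno`, and call `yyerror` for anything that is not a plain non-negative number, as sketched below for IPv4; the IPv6 rule would take the same change. The sketch assumes `<errno.h>` is available in the grammar's prologue, which is outside this page, and it turns negative values into an error where the commit clamps them to 0.
```yacc
server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
	{
	#ifdef CLIENT_SUBNET
		char* end = NULL;
		long v;
		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
		errno = 0;
		v = strtol($2, &end, 10);
		/* reject empty input, trailing characters, overflow and negatives */
		if(end == $2 || *end != 0 || errno == ERANGE || v < 0 || v > 0x7fffffffL)
			yyerror("IPv4 ECS tree size expected");
		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)v;
	/* … unchanged: #else branch, #endif and free($2) … */
```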
|
||||||
|
|
|
||||||