mirror of
https://github.com/NLnetLabs/unbound.git
- Option to toggle udp-connect, default is enabled.
parent
cca128b871
commit
9cc8aa1ddf
15 changed files with 4382 additions and 4320 deletions
|
|
@ -1807,7 +1807,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
||||||
&worker_alloc_cleanup, worker,
|
&worker_alloc_cleanup, worker,
|
||||||
cfg->do_udp || cfg->udp_upstream_without_downstream,
|
cfg->do_udp || cfg->udp_upstream_without_downstream,
|
||||||
worker->daemon->connect_sslctx, cfg->delay_close,
|
worker->daemon->connect_sslctx, cfg->delay_close,
|
||||||
cfg->tls_use_sni, dtenv);
|
cfg->tls_use_sni, dtenv, cfg->udp_connect);
|
||||||
if(!worker->back) {
|
if(!worker->back) {
|
||||||
log_err("could not create outgoing sockets");
|
log_err("could not create outgoing sockets");
|
||||||
worker_delete(worker);
|
worker_delete(worker);
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@
|
||||||
failed to list interfaces: getifaddrs: Address family not
|
failed to list interfaces: getifaddrs: Address family not
|
||||||
supported by protocol.
|
supported by protocol.
|
||||||
- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2.
|
- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2.
|
||||||
|
- Option to toggle udp-connect, default is enabled.
|
||||||
|
|
||||||
12 November 2020: Wouter
|
12 November 2020: Wouter
|
||||||
- Fix to connect() to UDP destinations, default turned on,
|
- Fix to connect() to UDP destinations, default turned on,
|
||||||
|
|
|
||||||
|
|
@ -161,6 +161,9 @@ server:
|
||||||
# msec to wait before close of port on timeout UDP. 0 disables.
|
# msec to wait before close of port on timeout UDP. 0 disables.
|
||||||
# delay-close: 0
|
# delay-close: 0
|
||||||
|
|
||||||
|
# perform connect for UDP sockets to mitigate ICMP side channel.
|
||||||
|
# udp-connect: yes
|
||||||
|
|
||||||
# msec for waiting for an unknown server to reply. Increase if you
|
# msec for waiting for an unknown server to reply. Increase if you
|
||||||
# are behind a slow satellite link, to eg. 1128.
|
# are behind a slow satellite link, to eg. 1128.
|
||||||
# unknown-server-time-limit: 376
|
# unknown-server-time-limit: 376
|
||||||
|
|
|
||||||
|
|
@ -274,6 +274,10 @@ eg. 1500 msec. When timeouts happen you need extra sockets, it checks
|
||||||
the ID and remote IP of packets, and unwanted packets are added to the
|
the ID and remote IP of packets, and unwanted packets are added to the
|
||||||
unwanted packet counter.
|
unwanted packet counter.
|
||||||
.TP
|
.TP
|
||||||
|
.B udp\-connect: \fI<yes or no>
|
||||||
|
Perform connect for UDP sockets that mitigates ICMP side channel leakage.
|
||||||
|
Default is yes.
|
||||||
|
.TP
|
||||||
.B unknown\-server\-time\-limit: \fI<msec>
|
.B unknown\-server\-time\-limit: \fI<msec>
|
||||||
The wait time in msec for waiting for an unknown server to reply.
|
The wait time in msec for waiting for an unknown server to reply.
|
||||||
Increase this if you are behind a slow satellite link, to eg. 1128.
|
Increase this if you are behind a slow satellite link, to eg. 1128.
|
||||||
|
|
|
||||||
|
|
@ -238,7 +238,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
|
||||||
ports, numports, cfg->unwanted_threshold,
|
ports, numports, cfg->unwanted_threshold,
|
||||||
cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
|
cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
|
||||||
cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
|
cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
|
||||||
cfg->delay_close, cfg->tls_use_sni, NULL);
|
cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect);
|
||||||
w->env->outnet = w->back;
|
w->env->outnet = w->back;
|
||||||
if(!w->is_bg || w->is_bg_thread) {
|
if(!w->is_bg || w->is_bg_thread) {
|
||||||
lock_basic_unlock(&ctx->cfglock);
|
lock_basic_unlock(&ctx->cfglock);
|
||||||
|
|
|
||||||
|
|
@ -723,7 +723,8 @@ outside_network_create(struct comm_base *base, size_t bufsize,
|
||||||
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
||||||
int numavailports, size_t unwanted_threshold, int tcp_mss,
|
int numavailports, size_t unwanted_threshold, int tcp_mss,
|
||||||
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
||||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv)
|
void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv,
|
||||||
|
int udp_connect)
|
||||||
{
|
{
|
||||||
struct outside_network* outnet = (struct outside_network*)
|
struct outside_network* outnet = (struct outside_network*)
|
||||||
calloc(1, sizeof(struct outside_network));
|
calloc(1, sizeof(struct outside_network));
|
||||||
|
|
@ -761,6 +762,9 @@ outside_network_create(struct comm_base *base, size_t bufsize,
|
||||||
outnet->delay_tv.tv_usec = (delayclose%1000)*1000;
|
outnet->delay_tv.tv_usec = (delayclose%1000)*1000;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
if(udp_connect) {
|
||||||
|
outnet->udp_connect = 1;
|
||||||
|
}
|
||||||
if(numavailports == 0 || num_ports == 0) {
|
if(numavailports == 0 || num_ports == 0) {
|
||||||
log_err("no outgoing ports available");
|
log_err("no outgoing ports available");
|
||||||
outside_network_delete(outnet);
|
outside_network_delete(outnet);
|
||||||
|
|
@ -1115,7 +1119,7 @@ select_ifport(struct outside_network* outnet, struct pending* pend,
|
||||||
my_if = ub_random_max(outnet->rnd, num_if);
|
my_if = ub_random_max(outnet->rnd, num_if);
|
||||||
pif = &ifs[my_if];
|
pif = &ifs[my_if];
|
||||||
#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
|
#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
|
||||||
if(1) {
|
if(outnet->udp_connect) {
|
||||||
/* if we connect() we cannot reuse fds for a port */
|
/* if we connect() we cannot reuse fds for a port */
|
||||||
if(pif->inuse >= pif->avail_total) {
|
if(pif->inuse >= pif->avail_total) {
|
||||||
tries++;
|
tries++;
|
||||||
|
|
@ -1151,7 +1155,7 @@ select_ifport(struct outside_network* outnet, struct pending* pend,
|
||||||
if(fd != -1) {
|
if(fd != -1) {
|
||||||
verbose(VERB_ALGO, "opened UDP if=%d port=%d",
|
verbose(VERB_ALGO, "opened UDP if=%d port=%d",
|
||||||
my_if, portno);
|
my_if, portno);
|
||||||
if(1) {
|
if(outnet->udp_connect) {
|
||||||
/* connect() to the destination */
|
/* connect() to the destination */
|
||||||
if(connect(fd, (struct sockaddr*)&pend->addr,
|
if(connect(fd, (struct sockaddr*)&pend->addr,
|
||||||
pend->addrlen) < 0) {
|
pend->addrlen) < 0) {
|
||||||
|
|
|
||||||
|
|
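Review bot: Nothing in this file records that the mitigation has been switched off. When `udp_connect` is 0, `outside_network_create` leaves the field at its calloc'd zero, and `select_ifport` skips both the `pif->inuse >= pif->avail_total` check and the `connect()` call; what runs instead is outside the hunks shown. Because the option exists to mitigate an ICMP side channel, a startup line such as `if(!udp_connect) verbose(VERB_OPS, "udp-connect is off, outgoing UDP sockets are not connected");` would make the weaker setting visible in operator logs. The assignment could also be written `outnet->udp_connect = (udp_connect != 0);` so that it does not rely on the struct being zero-initialised. Both functions start and end outside the hunks.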
@ -106,6 +106,9 @@ struct outside_network {
|
||||||
int delayclose;
|
int delayclose;
|
||||||
/** timeout for delayclose */
|
/** timeout for delayclose */
|
||||||
struct timeval delay_tv;
|
struct timeval delay_tv;
|
||||||
|
/** if we perform udp-connect, connect() for UDP socket to mitigate
|
||||||
|
* ICMP side channel leakage */
|
||||||
|
int udp_connect;
|
||||||
|
|
||||||
/** array of outgoing IP4 interfaces */
|
/** array of outgoing IP4 interfaces */
|
||||||
struct port_if* ip4_ifs;
|
struct port_if* ip4_ifs;
|
||||||
|
|
@ -421,6 +424,7 @@ struct serviced_query {
|
||||||
* msec to wait on timeouted udp sockets.
|
* msec to wait on timeouted udp sockets.
|
||||||
* @param tls_use_sni: if SNI is used for TLS connections.
|
* @param tls_use_sni: if SNI is used for TLS connections.
|
||||||
* @param dtenv: environment to send dnstap events with (if enabled).
|
* @param dtenv: environment to send dnstap events with (if enabled).
|
||||||
|
* @param udp_connect: if the udp_connect option is enabled.
|
||||||
* @return: the new structure (with no pending answers) or NULL on error.
|
* @return: the new structure (with no pending answers) or NULL on error.
|
||||||
*/
|
*/
|
||||||
struct outside_network* outside_network_create(struct comm_base* base,
|
struct outside_network* outside_network_create(struct comm_base* base,
|
||||||
|
|
@ -429,7 +433,8 @@ struct outside_network* outside_network_create(struct comm_base* base,
|
||||||
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
||||||
int numavailports, size_t unwanted_threshold, int tcp_mss,
|
int numavailports, size_t unwanted_threshold, int tcp_mss,
|
||||||
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
||||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv);
|
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv,
|
||||||
|
int udp_connect);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Delete outside_network structure.
|
* Delete outside_network structure.
|
||||||
|
|
|
||||||
|
|
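Review bot: The added `@param udp_connect` line only restates the option name, so a caller reading this header cannot tell what a nonzero value does or what it costs. I would document it as `@param udp_connect: if nonzero, connect() each outgoing UDP socket to its destination to mitigate ICMP side channel leakage; fds are then not reused for a port.` That wording follows the new struct field comment in this header and the `/* if we connect() we cannot reuse fds for a port */` comment in select_ifport. The prototype now ends in five consecutive positional arguments, four `int` plus `dtenv`, so the parameter docs are the main guard against a swapped argument at the call sites.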
@ -1045,7 +1045,7 @@ outside_network_create(struct comm_base* base, size_t bufsize,
|
||||||
void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param),
|
void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param),
|
||||||
int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx),
|
int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx),
|
||||||
int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
|
int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
|
||||||
struct dt_env* ATTR_UNUSED(dtenv))
|
struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect))
|
||||||
{
|
{
|
||||||
struct replay_runtime* runtime = (struct replay_runtime*)base;
|
struct replay_runtime* runtime = (struct replay_runtime*)base;
|
||||||
struct outside_network* outnet = calloc(1,
|
struct outside_network* outnet = calloc(1,
|
||||||
|
|
|
||||||
|
|
@ -172,6 +172,7 @@ config_create(void)
|
||||||
cfg->infra_cache_min_rtt = 50;
|
cfg->infra_cache_min_rtt = 50;
|
||||||
cfg->infra_keep_probing = 0;
|
cfg->infra_keep_probing = 0;
|
||||||
cfg->delay_close = 0;
|
cfg->delay_close = 0;
|
||||||
|
cfg->udp_connect = 1;
|
||||||
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
|
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
|
||||||
goto error_exit;
|
goto error_exit;
|
||||||
init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
|
init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
|
||||||
|
|
@ -569,6 +570,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||||
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
|
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
|
||||||
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
|
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
|
||||||
else S_NUMBER_OR_ZERO("delay-close:", delay_close)
|
else S_NUMBER_OR_ZERO("delay-close:", delay_close)
|
||||||
|
else S_YNO("udp-connect:", udp_connect)
|
||||||
else S_STR("chroot:", chrootdir)
|
else S_STR("chroot:", chrootdir)
|
||||||
else S_STR("username:", username)
|
else S_STR("username:", username)
|
||||||
else S_STR("directory:", directory)
|
else S_STR("directory:", directory)
|
||||||
|
|
@ -964,6 +966,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||||
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
|
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
|
||||||
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
|
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
|
||||||
else O_UNS(opt, "delay-close", delay_close)
|
else O_UNS(opt, "delay-close", delay_close)
|
||||||
|
else O_YNO(opt, "udp-connect", udp_connect)
|
||||||
else O_YNO(opt, "do-ip4", do_ip4)
|
else O_YNO(opt, "do-ip4", do_ip4)
|
||||||
else O_YNO(opt, "do-ip6", do_ip6)
|
else O_YNO(opt, "do-ip6", do_ip6)
|
||||||
else O_YNO(opt, "do-udp", do_udp)
|
else O_YNO(opt, "do-udp", do_udp)
|
||||||
|
|
|
||||||
|
|
@ -185,6 +185,8 @@ struct config_file {
|
||||||
int infra_keep_probing;
|
int infra_keep_probing;
|
||||||
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
|
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
|
||||||
int delay_close;
|
int delay_close;
|
||||||
|
/** udp_connect enable uses UDP connect to mitigate ICMP side channel */
|
||||||
|
int udp_connect;
|
||||||
|
|
||||||
/** the target fetch policy for the iterator */
|
/** the target fetch policy for the iterator */
|
||||||
char* target_fetch_policy;
|
char* target_fetch_policy;
|
||||||
|
|
|
||||||
4874
util/configlexer.c
4874
util/configlexer.c
File diff suppressed because it is too large
|
|
@ -301,6 +301,7 @@ infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
|
||||||
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
|
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
|
||||||
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
|
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
|
||||||
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }
|
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }
|
||||||
|
udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) }
|
||||||
target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) }
|
target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) }
|
||||||
harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
|
harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
|
||||||
harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
|
harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
|
||||||
|
|
|
||||||
3182
util/configparser.c
3182
util/configparser.c
File diff suppressed because it is too large
|
|
@ -200,154 +200,155 @@ extern int yydebug;
|
||||||
VAR_RRSET_ROUNDROBIN = 406,
|
VAR_RRSET_ROUNDROBIN = 406,
|
||||||
VAR_MAX_UDP_SIZE = 407,
|
VAR_MAX_UDP_SIZE = 407,
|
||||||
VAR_DELAY_CLOSE = 408,
|
VAR_DELAY_CLOSE = 408,
|
||||||
VAR_UNBLOCK_LAN_ZONES = 409,
|
VAR_UDP_CONNECT = 409,
|
||||||
VAR_INSECURE_LAN_ZONES = 410,
|
VAR_UNBLOCK_LAN_ZONES = 410,
|
||||||
VAR_INFRA_CACHE_MIN_RTT = 411,
|
VAR_INSECURE_LAN_ZONES = 411,
|
||||||
VAR_INFRA_KEEP_PROBING = 412,
|
VAR_INFRA_CACHE_MIN_RTT = 412,
|
||||||
VAR_DNS64_PREFIX = 413,
|
VAR_INFRA_KEEP_PROBING = 413,
|
||||||
VAR_DNS64_SYNTHALL = 414,
|
VAR_DNS64_PREFIX = 414,
|
||||||
VAR_DNS64_IGNORE_AAAA = 415,
|
VAR_DNS64_SYNTHALL = 415,
|
||||||
VAR_DNSTAP = 416,
|
VAR_DNS64_IGNORE_AAAA = 416,
|
||||||
VAR_DNSTAP_ENABLE = 417,
|
VAR_DNSTAP = 417,
|
||||||
VAR_DNSTAP_SOCKET_PATH = 418,
|
VAR_DNSTAP_ENABLE = 418,
|
||||||
VAR_DNSTAP_IP = 419,
|
VAR_DNSTAP_SOCKET_PATH = 419,
|
||||||
VAR_DNSTAP_TLS = 420,
|
VAR_DNSTAP_IP = 420,
|
||||||
VAR_DNSTAP_TLS_SERVER_NAME = 421,
|
VAR_DNSTAP_TLS = 421,
|
||||||
VAR_DNSTAP_TLS_CERT_BUNDLE = 422,
|
VAR_DNSTAP_TLS_SERVER_NAME = 422,
|
||||||
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 423,
|
VAR_DNSTAP_TLS_CERT_BUNDLE = 423,
|
||||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 424,
|
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424,
|
||||||
VAR_DNSTAP_SEND_IDENTITY = 425,
|
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425,
|
||||||
VAR_DNSTAP_SEND_VERSION = 426,
|
VAR_DNSTAP_SEND_IDENTITY = 426,
|
||||||
VAR_DNSTAP_BIDIRECTIONAL = 427,
|
VAR_DNSTAP_SEND_VERSION = 427,
|
||||||
VAR_DNSTAP_IDENTITY = 428,
|
VAR_DNSTAP_BIDIRECTIONAL = 428,
|
||||||
VAR_DNSTAP_VERSION = 429,
|
VAR_DNSTAP_IDENTITY = 429,
|
||||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 430,
|
VAR_DNSTAP_VERSION = 430,
|
||||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 431,
|
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431,
|
||||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 432,
|
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432,
|
||||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 433,
|
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433,
|
||||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 434,
|
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434,
|
||||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 435,
|
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435,
|
||||||
VAR_RESPONSE_IP_TAG = 436,
|
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436,
|
||||||
VAR_RESPONSE_IP = 437,
|
VAR_RESPONSE_IP_TAG = 437,
|
||||||
VAR_RESPONSE_IP_DATA = 438,
|
VAR_RESPONSE_IP = 438,
|
||||||
VAR_HARDEN_ALGO_DOWNGRADE = 439,
|
VAR_RESPONSE_IP_DATA = 439,
|
||||||
VAR_IP_TRANSPARENT = 440,
|
VAR_HARDEN_ALGO_DOWNGRADE = 440,
|
||||||
VAR_IP_DSCP = 441,
|
VAR_IP_TRANSPARENT = 441,
|
||||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 442,
|
VAR_IP_DSCP = 442,
|
||||||
VAR_IP_RATELIMIT = 443,
|
VAR_DISABLE_DNSSEC_LAME_CHECK = 443,
|
||||||
VAR_IP_RATELIMIT_SLABS = 444,
|
VAR_IP_RATELIMIT = 444,
|
||||||
VAR_IP_RATELIMIT_SIZE = 445,
|
VAR_IP_RATELIMIT_SLABS = 445,
|
||||||
VAR_RATELIMIT = 446,
|
VAR_IP_RATELIMIT_SIZE = 446,
|
||||||
VAR_RATELIMIT_SLABS = 447,
|
VAR_RATELIMIT = 447,
|
||||||
VAR_RATELIMIT_SIZE = 448,
|
VAR_RATELIMIT_SLABS = 448,
|
||||||
VAR_RATELIMIT_FOR_DOMAIN = 449,
|
VAR_RATELIMIT_SIZE = 449,
|
||||||
VAR_RATELIMIT_BELOW_DOMAIN = 450,
|
VAR_RATELIMIT_FOR_DOMAIN = 450,
|
||||||
VAR_IP_RATELIMIT_FACTOR = 451,
|
VAR_RATELIMIT_BELOW_DOMAIN = 451,
|
||||||
VAR_RATELIMIT_FACTOR = 452,
|
VAR_IP_RATELIMIT_FACTOR = 452,
|
||||||
VAR_SEND_CLIENT_SUBNET = 453,
|
VAR_RATELIMIT_FACTOR = 453,
|
||||||
VAR_CLIENT_SUBNET_ZONE = 454,
|
VAR_SEND_CLIENT_SUBNET = 454,
|
||||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 455,
|
VAR_CLIENT_SUBNET_ZONE = 455,
|
||||||
VAR_CLIENT_SUBNET_OPCODE = 456,
|
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456,
|
||||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 457,
|
VAR_CLIENT_SUBNET_OPCODE = 457,
|
||||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 458,
|
VAR_MAX_CLIENT_SUBNET_IPV4 = 458,
|
||||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 459,
|
VAR_MAX_CLIENT_SUBNET_IPV6 = 459,
|
||||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 460,
|
VAR_MIN_CLIENT_SUBNET_IPV4 = 460,
|
||||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 461,
|
VAR_MIN_CLIENT_SUBNET_IPV6 = 461,
|
||||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 462,
|
VAR_MAX_ECS_TREE_SIZE_IPV4 = 462,
|
||||||
VAR_CAPS_WHITELIST = 463,
|
VAR_MAX_ECS_TREE_SIZE_IPV6 = 463,
|
||||||
VAR_CACHE_MAX_NEGATIVE_TTL = 464,
|
VAR_CAPS_WHITELIST = 464,
|
||||||
VAR_PERMIT_SMALL_HOLDDOWN = 465,
|
VAR_CACHE_MAX_NEGATIVE_TTL = 465,
|
||||||
VAR_QNAME_MINIMISATION = 466,
|
VAR_PERMIT_SMALL_HOLDDOWN = 466,
|
||||||
VAR_QNAME_MINIMISATION_STRICT = 467,
|
VAR_QNAME_MINIMISATION = 467,
|
||||||
VAR_IP_FREEBIND = 468,
|
VAR_QNAME_MINIMISATION_STRICT = 468,
|
||||||
VAR_DEFINE_TAG = 469,
|
VAR_IP_FREEBIND = 469,
|
||||||
VAR_LOCAL_ZONE_TAG = 470,
|
VAR_DEFINE_TAG = 470,
|
||||||
VAR_ACCESS_CONTROL_TAG = 471,
|
VAR_LOCAL_ZONE_TAG = 471,
|
||||||
VAR_LOCAL_ZONE_OVERRIDE = 472,
|
VAR_ACCESS_CONTROL_TAG = 472,
|
||||||
VAR_ACCESS_CONTROL_TAG_ACTION = 473,
|
VAR_LOCAL_ZONE_OVERRIDE = 473,
|
||||||
VAR_ACCESS_CONTROL_TAG_DATA = 474,
|
VAR_ACCESS_CONTROL_TAG_ACTION = 474,
|
||||||
VAR_VIEW = 475,
|
VAR_ACCESS_CONTROL_TAG_DATA = 475,
|
||||||
VAR_ACCESS_CONTROL_VIEW = 476,
|
VAR_VIEW = 476,
|
||||||
VAR_VIEW_FIRST = 477,
|
VAR_ACCESS_CONTROL_VIEW = 477,
|
||||||
VAR_SERVE_EXPIRED = 478,
|
VAR_VIEW_FIRST = 478,
|
||||||
VAR_SERVE_EXPIRED_TTL = 479,
|
VAR_SERVE_EXPIRED = 479,
|
||||||
VAR_SERVE_EXPIRED_TTL_RESET = 480,
|
VAR_SERVE_EXPIRED_TTL = 480,
|
||||||
VAR_SERVE_EXPIRED_REPLY_TTL = 481,
|
VAR_SERVE_EXPIRED_TTL_RESET = 481,
|
||||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 482,
|
VAR_SERVE_EXPIRED_REPLY_TTL = 482,
|
||||||
VAR_FAKE_DSA = 483,
|
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483,
|
||||||
VAR_FAKE_SHA1 = 484,
|
VAR_FAKE_DSA = 484,
|
||||||
VAR_LOG_IDENTITY = 485,
|
VAR_FAKE_SHA1 = 485,
|
||||||
VAR_HIDE_TRUSTANCHOR = 486,
|
VAR_LOG_IDENTITY = 486,
|
||||||
VAR_TRUST_ANCHOR_SIGNALING = 487,
|
VAR_HIDE_TRUSTANCHOR = 487,
|
||||||
VAR_AGGRESSIVE_NSEC = 488,
|
VAR_TRUST_ANCHOR_SIGNALING = 488,
|
||||||
VAR_USE_SYSTEMD = 489,
|
VAR_AGGRESSIVE_NSEC = 489,
|
||||||
VAR_SHM_ENABLE = 490,
|
VAR_USE_SYSTEMD = 490,
|
||||||
VAR_SHM_KEY = 491,
|
VAR_SHM_ENABLE = 491,
|
||||||
VAR_ROOT_KEY_SENTINEL = 492,
|
VAR_SHM_KEY = 492,
|
||||||
VAR_DNSCRYPT = 493,
|
VAR_ROOT_KEY_SENTINEL = 493,
|
||||||
VAR_DNSCRYPT_ENABLE = 494,
|
VAR_DNSCRYPT = 494,
|
||||||
VAR_DNSCRYPT_PORT = 495,
|
VAR_DNSCRYPT_ENABLE = 495,
|
||||||
VAR_DNSCRYPT_PROVIDER = 496,
|
VAR_DNSCRYPT_PORT = 496,
|
||||||
VAR_DNSCRYPT_SECRET_KEY = 497,
|
VAR_DNSCRYPT_PROVIDER = 497,
|
||||||
VAR_DNSCRYPT_PROVIDER_CERT = 498,
|
VAR_DNSCRYPT_SECRET_KEY = 498,
|
||||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 499,
|
VAR_DNSCRYPT_PROVIDER_CERT = 499,
|
||||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 500,
|
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500,
|
||||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 501,
|
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501,
|
||||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 502,
|
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502,
|
||||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 503,
|
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503,
|
||||||
VAR_IPSECMOD_ENABLED = 504,
|
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504,
|
||||||
VAR_IPSECMOD_HOOK = 505,
|
VAR_IPSECMOD_ENABLED = 505,
|
||||||
VAR_IPSECMOD_IGNORE_BOGUS = 506,
|
VAR_IPSECMOD_HOOK = 506,
|
||||||
VAR_IPSECMOD_MAX_TTL = 507,
|
VAR_IPSECMOD_IGNORE_BOGUS = 507,
|
||||||
VAR_IPSECMOD_WHITELIST = 508,
|
VAR_IPSECMOD_MAX_TTL = 508,
|
||||||
VAR_IPSECMOD_STRICT = 509,
|
VAR_IPSECMOD_WHITELIST = 509,
|
||||||
VAR_CACHEDB = 510,
|
VAR_IPSECMOD_STRICT = 510,
|
||||||
VAR_CACHEDB_BACKEND = 511,
|
VAR_CACHEDB = 511,
|
||||||
VAR_CACHEDB_SECRETSEED = 512,
|
VAR_CACHEDB_BACKEND = 512,
|
||||||
VAR_CACHEDB_REDISHOST = 513,
|
VAR_CACHEDB_SECRETSEED = 513,
|
||||||
VAR_CACHEDB_REDISPORT = 514,
|
VAR_CACHEDB_REDISHOST = 514,
|
||||||
VAR_CACHEDB_REDISTIMEOUT = 515,
|
VAR_CACHEDB_REDISPORT = 515,
|
||||||
VAR_CACHEDB_REDISEXPIRERECORDS = 516,
|
VAR_CACHEDB_REDISTIMEOUT = 516,
|
||||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 517,
|
VAR_CACHEDB_REDISEXPIRERECORDS = 517,
|
||||||
VAR_FOR_UPSTREAM = 518,
|
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518,
|
||||||
VAR_AUTH_ZONE = 519,
|
VAR_FOR_UPSTREAM = 519,
|
||||||
VAR_ZONEFILE = 520,
|
VAR_AUTH_ZONE = 520,
|
||||||
VAR_MASTER = 521,
|
VAR_ZONEFILE = 521,
|
||||||
VAR_URL = 522,
|
VAR_MASTER = 522,
|
||||||
VAR_FOR_DOWNSTREAM = 523,
|
VAR_URL = 523,
|
||||||
VAR_FALLBACK_ENABLED = 524,
|
VAR_FOR_DOWNSTREAM = 524,
|
||||||
VAR_TLS_ADDITIONAL_PORT = 525,
|
VAR_FALLBACK_ENABLED = 525,
|
||||||
VAR_LOW_RTT = 526,
|
VAR_TLS_ADDITIONAL_PORT = 526,
|
||||||
VAR_LOW_RTT_PERMIL = 527,
|
VAR_LOW_RTT = 527,
|
||||||
VAR_FAST_SERVER_PERMIL = 528,
|
VAR_LOW_RTT_PERMIL = 528,
|
||||||
VAR_FAST_SERVER_NUM = 529,
|
VAR_FAST_SERVER_PERMIL = 529,
|
||||||
VAR_ALLOW_NOTIFY = 530,
|
VAR_FAST_SERVER_NUM = 530,
|
||||||
VAR_TLS_WIN_CERT = 531,
|
VAR_ALLOW_NOTIFY = 531,
|
||||||
VAR_TCP_CONNECTION_LIMIT = 532,
|
VAR_TLS_WIN_CERT = 532,
|
||||||
VAR_FORWARD_NO_CACHE = 533,
|
VAR_TCP_CONNECTION_LIMIT = 533,
|
||||||
VAR_STUB_NO_CACHE = 534,
|
VAR_FORWARD_NO_CACHE = 534,
|
||||||
VAR_LOG_SERVFAIL = 535,
|
VAR_STUB_NO_CACHE = 535,
|
||||||
VAR_DENY_ANY = 536,
|
VAR_LOG_SERVFAIL = 536,
|
||||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 537,
|
VAR_DENY_ANY = 537,
|
||||||
VAR_LOG_TAG_QUERYREPLY = 538,
|
VAR_UNKNOWN_SERVER_TIME_LIMIT = 538,
|
||||||
VAR_STREAM_WAIT_SIZE = 539,
|
VAR_LOG_TAG_QUERYREPLY = 539,
|
||||||
VAR_TLS_CIPHERS = 540,
|
VAR_STREAM_WAIT_SIZE = 540,
|
||||||
VAR_TLS_CIPHERSUITES = 541,
|
VAR_TLS_CIPHERS = 541,
|
||||||
VAR_TLS_USE_SNI = 542,
|
VAR_TLS_CIPHERSUITES = 542,
|
||||||
VAR_IPSET = 543,
|
VAR_TLS_USE_SNI = 543,
|
||||||
VAR_IPSET_NAME_V4 = 544,
|
VAR_IPSET = 544,
|
||||||
VAR_IPSET_NAME_V6 = 545,
|
VAR_IPSET_NAME_V4 = 545,
|
||||||
VAR_TLS_SESSION_TICKET_KEYS = 546,
|
VAR_IPSET_NAME_V6 = 546,
|
||||||
VAR_RPZ = 547,
|
VAR_TLS_SESSION_TICKET_KEYS = 547,
|
||||||
VAR_TAGS = 548,
|
VAR_RPZ = 548,
|
||||||
VAR_RPZ_ACTION_OVERRIDE = 549,
|
VAR_TAGS = 549,
|
||||||
VAR_RPZ_CNAME_OVERRIDE = 550,
|
VAR_RPZ_ACTION_OVERRIDE = 550,
|
||||||
VAR_RPZ_LOG = 551,
|
VAR_RPZ_CNAME_OVERRIDE = 551,
|
||||||
VAR_RPZ_LOG_NAME = 552,
|
VAR_RPZ_LOG = 552,
|
||||||
VAR_DYNLIB = 553,
|
VAR_RPZ_LOG_NAME = 553,
|
||||||
VAR_DYNLIB_FILE = 554,
|
VAR_DYNLIB = 554,
|
||||||
VAR_EDNS_CLIENT_TAG = 555,
|
VAR_DYNLIB_FILE = 555,
|
||||||
VAR_EDNS_CLIENT_TAG_OPCODE = 556
|
VAR_EDNS_CLIENT_TAG = 556,
|
||||||
|
VAR_EDNS_CLIENT_TAG_OPCODE = 557
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
/* Tokens. */
|
/* Tokens. */
|
||||||
|
|
@ -502,154 +503,155 @@ extern int yydebug;
|
||||||
#define VAR_RRSET_ROUNDROBIN 406
|
#define VAR_RRSET_ROUNDROBIN 406
|
||||||
#define VAR_MAX_UDP_SIZE 407
|
#define VAR_MAX_UDP_SIZE 407
|
||||||
#define VAR_DELAY_CLOSE 408
|
#define VAR_DELAY_CLOSE 408
|
||||||
#define VAR_UNBLOCK_LAN_ZONES 409
|
#define VAR_UDP_CONNECT 409
|
||||||
#define VAR_INSECURE_LAN_ZONES 410
|
#define VAR_UNBLOCK_LAN_ZONES 410
|
||||||
#define VAR_INFRA_CACHE_MIN_RTT 411
|
#define VAR_INSECURE_LAN_ZONES 411
|
||||||
#define VAR_INFRA_KEEP_PROBING 412
|
#define VAR_INFRA_CACHE_MIN_RTT 412
|
||||||
#define VAR_DNS64_PREFIX 413
|
#define VAR_INFRA_KEEP_PROBING 413
|
||||||
#define VAR_DNS64_SYNTHALL 414
|
#define VAR_DNS64_PREFIX 414
|
||||||
#define VAR_DNS64_IGNORE_AAAA 415
|
#define VAR_DNS64_SYNTHALL 415
|
||||||
#define VAR_DNSTAP 416
|
#define VAR_DNS64_IGNORE_AAAA 416
|
||||||
#define VAR_DNSTAP_ENABLE 417
|
#define VAR_DNSTAP 417
|
||||||
#define VAR_DNSTAP_SOCKET_PATH 418
|
#define VAR_DNSTAP_ENABLE 418
|
||||||
#define VAR_DNSTAP_IP 419
|
#define VAR_DNSTAP_SOCKET_PATH 419
|
||||||
#define VAR_DNSTAP_TLS 420
|
#define VAR_DNSTAP_IP 420
|
||||||
#define VAR_DNSTAP_TLS_SERVER_NAME 421
|
#define VAR_DNSTAP_TLS 421
|
||||||
#define VAR_DNSTAP_TLS_CERT_BUNDLE 422
|
#define VAR_DNSTAP_TLS_SERVER_NAME 422
|
||||||
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 423
|
#define VAR_DNSTAP_TLS_CERT_BUNDLE 423
|
||||||
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 424
|
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424
|
||||||
#define VAR_DNSTAP_SEND_IDENTITY 425
|
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425
|
||||||
#define VAR_DNSTAP_SEND_VERSION 426
|
#define VAR_DNSTAP_SEND_IDENTITY 426
|
||||||
#define VAR_DNSTAP_BIDIRECTIONAL 427
|
#define VAR_DNSTAP_SEND_VERSION 427
|
||||||
#define VAR_DNSTAP_IDENTITY 428
|
#define VAR_DNSTAP_BIDIRECTIONAL 428
|
||||||
#define VAR_DNSTAP_VERSION 429
|
#define VAR_DNSTAP_IDENTITY 429
|
||||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 430
|
#define VAR_DNSTAP_VERSION 430
|
||||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 431
|
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431
|
||||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 432
|
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432
|
||||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 433
|
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433
|
||||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 434
|
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434
|
||||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 435
|
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435
|
||||||
#define VAR_RESPONSE_IP_TAG 436
|
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436
|
||||||
#define VAR_RESPONSE_IP 437
|
#define VAR_RESPONSE_IP_TAG 437
|
||||||
#define VAR_RESPONSE_IP_DATA 438
|
#define VAR_RESPONSE_IP 438
|
||||||
#define VAR_HARDEN_ALGO_DOWNGRADE 439
|
#define VAR_RESPONSE_IP_DATA 439
|
||||||
#define VAR_IP_TRANSPARENT 440
|
#define VAR_HARDEN_ALGO_DOWNGRADE 440
|
||||||
#define VAR_IP_DSCP 441
|
#define VAR_IP_TRANSPARENT 441
|
||||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 442
|
#define VAR_IP_DSCP 442
|
||||||
#define VAR_IP_RATELIMIT 443
|
#define VAR_DISABLE_DNSSEC_LAME_CHECK 443
|
||||||
#define VAR_IP_RATELIMIT_SLABS 444
|
#define VAR_IP_RATELIMIT 444
|
||||||
#define VAR_IP_RATELIMIT_SIZE 445
|
#define VAR_IP_RATELIMIT_SLABS 445
|
||||||
#define VAR_RATELIMIT 446
|
#define VAR_IP_RATELIMIT_SIZE 446
|
||||||
#define VAR_RATELIMIT_SLABS 447
|
#define VAR_RATELIMIT 447
|
||||||
#define VAR_RATELIMIT_SIZE 448
|
#define VAR_RATELIMIT_SLABS 448
|
||||||
#define VAR_RATELIMIT_FOR_DOMAIN 449
|
#define VAR_RATELIMIT_SIZE 449
|
||||||
#define VAR_RATELIMIT_BELOW_DOMAIN 450
|
#define VAR_RATELIMIT_FOR_DOMAIN 450
|
||||||
#define VAR_IP_RATELIMIT_FACTOR 451
|
#define VAR_RATELIMIT_BELOW_DOMAIN 451
|
||||||
#define VAR_RATELIMIT_FACTOR 452
|
#define VAR_IP_RATELIMIT_FACTOR 452
|
||||||
#define VAR_SEND_CLIENT_SUBNET 453
|
#define VAR_RATELIMIT_FACTOR 453
|
||||||
#define VAR_CLIENT_SUBNET_ZONE 454
|
#define VAR_SEND_CLIENT_SUBNET 454
|
||||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 455
|
#define VAR_CLIENT_SUBNET_ZONE 455
|
||||||
#define VAR_CLIENT_SUBNET_OPCODE 456
|
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456
|
||||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 457
|
#define VAR_CLIENT_SUBNET_OPCODE 457
|
||||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 458
|
#define VAR_MAX_CLIENT_SUBNET_IPV4 458
|
||||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 459
|
#define VAR_MAX_CLIENT_SUBNET_IPV6 459
|
||||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 460
|
#define VAR_MIN_CLIENT_SUBNET_IPV4 460
|
||||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 461
|
#define VAR_MIN_CLIENT_SUBNET_IPV6 461
|
||||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 462
|
#define VAR_MAX_ECS_TREE_SIZE_IPV4 462
|
||||||
#define VAR_CAPS_WHITELIST 463
|
#define VAR_MAX_ECS_TREE_SIZE_IPV6 463
|
||||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 464
|
#define VAR_CAPS_WHITELIST 464
|
||||||
#define VAR_PERMIT_SMALL_HOLDDOWN 465
|
#define VAR_CACHE_MAX_NEGATIVE_TTL 465
|
||||||
#define VAR_QNAME_MINIMISATION 466
|
#define VAR_PERMIT_SMALL_HOLDDOWN 466
|
||||||
#define VAR_QNAME_MINIMISATION_STRICT 467
|
#define VAR_QNAME_MINIMISATION 467
|
||||||
#define VAR_IP_FREEBIND 468
|
#define VAR_QNAME_MINIMISATION_STRICT 468
|
||||||
#define VAR_DEFINE_TAG 469
|
#define VAR_IP_FREEBIND 469
|
||||||
#define VAR_LOCAL_ZONE_TAG 470
|
#define VAR_DEFINE_TAG 470
|
||||||
#define VAR_ACCESS_CONTROL_TAG 471
|
#define VAR_LOCAL_ZONE_TAG 471
|
||||||
#define VAR_LOCAL_ZONE_OVERRIDE 472
|
#define VAR_ACCESS_CONTROL_TAG 472
|
||||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 473
|
#define VAR_LOCAL_ZONE_OVERRIDE 473
|
||||||
#define VAR_ACCESS_CONTROL_TAG_DATA 474
|
#define VAR_ACCESS_CONTROL_TAG_ACTION 474
|
||||||
#define VAR_VIEW 475
|
#define VAR_ACCESS_CONTROL_TAG_DATA 475
|
||||||
#define VAR_ACCESS_CONTROL_VIEW 476
|
#define VAR_VIEW 476
|
||||||
#define VAR_VIEW_FIRST 477
|
#define VAR_ACCESS_CONTROL_VIEW 477
|
||||||
#define VAR_SERVE_EXPIRED 478
|
#define VAR_VIEW_FIRST 478
|
||||||
#define VAR_SERVE_EXPIRED_TTL 479
|
#define VAR_SERVE_EXPIRED 479
|
||||||
#define VAR_SERVE_EXPIRED_TTL_RESET 480
|
#define VAR_SERVE_EXPIRED_TTL 480
|
||||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 481
|
#define VAR_SERVE_EXPIRED_TTL_RESET 481
|
||||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 482
|
#define VAR_SERVE_EXPIRED_REPLY_TTL 482
|
||||||
#define VAR_FAKE_DSA 483
|
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483
|
||||||
#define VAR_FAKE_SHA1 484
|
#define VAR_FAKE_DSA 484
|
||||||
#define VAR_LOG_IDENTITY 485
|
#define VAR_FAKE_SHA1 485
|
||||||
#define VAR_HIDE_TRUSTANCHOR 486
|
#define VAR_LOG_IDENTITY 486
|
||||||
#define VAR_TRUST_ANCHOR_SIGNALING 487
|
#define VAR_HIDE_TRUSTANCHOR 487
|
||||||
#define VAR_AGGRESSIVE_NSEC 488
|
#define VAR_TRUST_ANCHOR_SIGNALING 488
|
||||||
#define VAR_USE_SYSTEMD 489
|
#define VAR_AGGRESSIVE_NSEC 489
|
||||||
#define VAR_SHM_ENABLE 490
|
#define VAR_USE_SYSTEMD 490
|
||||||
#define VAR_SHM_KEY 491
|
#define VAR_SHM_ENABLE 491
|
||||||
#define VAR_ROOT_KEY_SENTINEL 492
|
#define VAR_SHM_KEY 492
|
||||||
#define VAR_DNSCRYPT 493
|
#define VAR_ROOT_KEY_SENTINEL 493
|
||||||
#define VAR_DNSCRYPT_ENABLE 494
|
#define VAR_DNSCRYPT 494
|
||||||
#define VAR_DNSCRYPT_PORT 495
|
#define VAR_DNSCRYPT_ENABLE 495
|
||||||
#define VAR_DNSCRYPT_PROVIDER 496
|
#define VAR_DNSCRYPT_PORT 496
|
||||||
#define VAR_DNSCRYPT_SECRET_KEY 497
|
#define VAR_DNSCRYPT_PROVIDER 497
|
||||||
#define VAR_DNSCRYPT_PROVIDER_CERT 498
|
#define VAR_DNSCRYPT_SECRET_KEY 498
|
||||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 499
|
#define VAR_DNSCRYPT_PROVIDER_CERT 499
|
||||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 500
|
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 500
|
||||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 501
|
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 501
|
||||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 502
|
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 502
|
||||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 503
|
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 503
|
||||||
#define VAR_IPSECMOD_ENABLED 504
|
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 504
|
||||||
#define VAR_IPSECMOD_HOOK 505
|
#define VAR_IPSECMOD_ENABLED 505
|
||||||
#define VAR_IPSECMOD_IGNORE_BOGUS 506
|
#define VAR_IPSECMOD_HOOK 506
|
||||||
#define VAR_IPSECMOD_MAX_TTL 507
|
#define VAR_IPSECMOD_IGNORE_BOGUS 507
|
||||||
#define VAR_IPSECMOD_WHITELIST 508
|
#define VAR_IPSECMOD_MAX_TTL 508
|
||||||
#define VAR_IPSECMOD_STRICT 509
|
#define VAR_IPSECMOD_WHITELIST 509
|
||||||
#define VAR_CACHEDB 510
|
#define VAR_IPSECMOD_STRICT 510
|
||||||
#define VAR_CACHEDB_BACKEND 511
|
#define VAR_CACHEDB 511
|
||||||
#define VAR_CACHEDB_SECRETSEED 512
|
#define VAR_CACHEDB_BACKEND 512
|
||||||
#define VAR_CACHEDB_REDISHOST 513
|
#define VAR_CACHEDB_SECRETSEED 513
|
||||||
#define VAR_CACHEDB_REDISPORT 514
|
#define VAR_CACHEDB_REDISHOST 514
|
||||||
#define VAR_CACHEDB_REDISTIMEOUT 515
|
#define VAR_CACHEDB_REDISPORT 515
|
||||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 516
|
#define VAR_CACHEDB_REDISTIMEOUT 516
|
||||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 517
|
#define VAR_CACHEDB_REDISEXPIRERECORDS 517
|
||||||
#define VAR_FOR_UPSTREAM 518
|
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 518
|
||||||
#define VAR_AUTH_ZONE 519
|
#define VAR_FOR_UPSTREAM 519
|
||||||
#define VAR_ZONEFILE 520
|
#define VAR_AUTH_ZONE 520
|
||||||
#define VAR_MASTER 521
|
#define VAR_ZONEFILE 521
|
||||||
#define VAR_URL 522
|
#define VAR_MASTER 522
|
||||||
#define VAR_FOR_DOWNSTREAM 523
|
#define VAR_URL 523
|
||||||
#define VAR_FALLBACK_ENABLED 524
|
#define VAR_FOR_DOWNSTREAM 524
|
||||||
#define VAR_TLS_ADDITIONAL_PORT 525
|
#define VAR_FALLBACK_ENABLED 525
|
||||||
#define VAR_LOW_RTT 526
|
#define VAR_TLS_ADDITIONAL_PORT 526
|
||||||
#define VAR_LOW_RTT_PERMIL 527
|
#define VAR_LOW_RTT 527
|
||||||
#define VAR_FAST_SERVER_PERMIL 528
|
#define VAR_LOW_RTT_PERMIL 528
|
||||||
#define VAR_FAST_SERVER_NUM 529
|
#define VAR_FAST_SERVER_PERMIL 529
|
||||||
#define VAR_ALLOW_NOTIFY 530
|
#define VAR_FAST_SERVER_NUM 530
|
||||||
#define VAR_TLS_WIN_CERT 531
|
#define VAR_ALLOW_NOTIFY 531
|
||||||
#define VAR_TCP_CONNECTION_LIMIT 532
|
#define VAR_TLS_WIN_CERT 532
|
||||||
#define VAR_FORWARD_NO_CACHE 533
|
#define VAR_TCP_CONNECTION_LIMIT 533
|
||||||
#define VAR_STUB_NO_CACHE 534
|
#define VAR_FORWARD_NO_CACHE 534
|
||||||
#define VAR_LOG_SERVFAIL 535
|
#define VAR_STUB_NO_CACHE 535
|
||||||
#define VAR_DENY_ANY 536
|
#define VAR_LOG_SERVFAIL 536
|
||||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 537
|
#define VAR_DENY_ANY 537
|
||||||
#define VAR_LOG_TAG_QUERYREPLY 538
|
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 538
|
||||||
#define VAR_STREAM_WAIT_SIZE 539
|
#define VAR_LOG_TAG_QUERYREPLY 539
|
||||||
#define VAR_TLS_CIPHERS 540
|
#define VAR_STREAM_WAIT_SIZE 540
|
||||||
#define VAR_TLS_CIPHERSUITES 541
|
#define VAR_TLS_CIPHERS 541
|
||||||
#define VAR_TLS_USE_SNI 542
|
#define VAR_TLS_CIPHERSUITES 542
|
||||||
#define VAR_IPSET 543
|
#define VAR_TLS_USE_SNI 543
|
||||||
#define VAR_IPSET_NAME_V4 544
|
#define VAR_IPSET 544
|
||||||
#define VAR_IPSET_NAME_V6 545
|
#define VAR_IPSET_NAME_V4 545
|
||||||
#define VAR_TLS_SESSION_TICKET_KEYS 546
|
#define VAR_IPSET_NAME_V6 546
|
||||||
#define VAR_RPZ 547
|
#define VAR_TLS_SESSION_TICKET_KEYS 547
|
||||||
#define VAR_TAGS 548
|
#define VAR_RPZ 548
|
||||||
#define VAR_RPZ_ACTION_OVERRIDE 549
|
#define VAR_TAGS 549
|
||||||
#define VAR_RPZ_CNAME_OVERRIDE 550
|
#define VAR_RPZ_ACTION_OVERRIDE 550
|
||||||
#define VAR_RPZ_LOG 551
|
#define VAR_RPZ_CNAME_OVERRIDE 551
|
||||||
#define VAR_RPZ_LOG_NAME 552
|
#define VAR_RPZ_LOG 552
|
||||||
#define VAR_DYNLIB 553
|
#define VAR_RPZ_LOG_NAME 553
|
||||||
#define VAR_DYNLIB_FILE 554
|
#define VAR_DYNLIB 554
|
||||||
#define VAR_EDNS_CLIENT_TAG 555
|
#define VAR_DYNLIB_FILE 555
|
||||||
#define VAR_EDNS_CLIENT_TAG_OPCODE 556
|
#define VAR_EDNS_CLIENT_TAG 556
|
||||||
|
#define VAR_EDNS_CLIENT_TAG_OPCODE 557
|
||||||
|
|
||||||
/* Value type. */
|
/* Value type. */
|
||||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||||
|
|
@ -659,7 +661,7 @@ union YYSTYPE
|
||||||
|
|
||||||
char* str;
|
char* str;
|
||||||
|
|
||||||
#line 663 "util/configparser.h"
|
#line 665 "util/configparser.h"
|
||||||
|
|
||||||
};
|
};
|
||||||
typedef union YYSTYPE YYSTYPE;
|
typedef union YYSTYPE YYSTYPE;
|
||||||
|
|
|
||||||
|
|
@ -116,7 +116,7 @@ extern struct config_parser_state* cfg_parser;
|
||||||
%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
|
%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
|
||||||
%token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
|
%token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
|
||||||
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
|
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
|
||||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
|
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
|
||||||
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
|
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
|
||||||
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
|
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
|
||||||
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
|
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
|
||||||
|
|
@ -251,7 +251,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
||||||
server_http_query_buffer_size | server_http_response_buffer_size |
|
server_http_query_buffer_size | server_http_response_buffer_size |
|
||||||
server_http_nodelay | server_http_notls_downstream |
|
server_http_nodelay | server_http_notls_downstream |
|
||||||
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
|
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
|
||||||
server_so_reuseport | server_delay_close |
|
server_so_reuseport | server_delay_close | server_udp_connect |
|
||||||
server_unblock_lan_zones | server_insecure_lan_zones |
|
server_unblock_lan_zones | server_insecure_lan_zones |
|
||||||
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
|
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
|
||||||
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
||||||
|
|
@ -1443,6 +1443,15 @@ server_delay_close: VAR_DELAY_CLOSE STRING_ARG
|
||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_udp_connect: VAR_UDP_CONNECT STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_udp_connect:%s)\n", $2));
|
||||||
|
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||||
|
yyerror("expected yes or no.");
|
||||||
|
else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
|
server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
|
OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
|
||||||
|
|
|
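Review bot: The new `server_udp_connect` action in the last hunk has no comment saying that `no` switches off a security mitigation, although the example config in this commit describes the option as performing connect for UDP sockets to mitigate an ICMP side channel. I would add a line above the `if`, such as `/* "no" disables connect() on outgoing UDP sockets and with it the ICMP side-channel mitigation */`, so a reader of the grammar sees why the default is yes. The action itself rejects anything other than `yes` or `no` and frees `$2` on both paths. Whether a log line is emitted at startup when the mitigation is turned off cannot be seen from this section; if there is none, one would help operators notice a weakened configuration.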
||||||