Merge pull request #200 from yarikk/ipdiffserv

add ip-dscp option to specify the DSCP tag for outgoing packets

daemon/remote.c

@@ -329,7 +329,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
 
 		/* open fd */
 		fd = create_tcp_accept_sock(res, 1, &noproto, 0,
-			cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd);
+			cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd, cfg->ip_dscp);
 		freeaddrinfo(res);
 	}
 

daemon/worker.c

@@ -1808,7 +1808,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
 	worker->back = outside_network_create(worker->base,
 		cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, 
 		cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, 
-		cfg->do_tcp?cfg->outgoing_num_tcp:0, 
+		cfg->do_tcp?cfg->outgoing_num_tcp:0, cfg->ip_dscp,
 		worker->daemon->env->infra_cache, worker->rndstate,
 		cfg->use_caps_bits_for_id, worker->ports, worker->numports,
 		cfg->unwanted_threshold, cfg->outgoing_tcp_mss,

doc/unbound.conf.5.in

@@ -323,6 +323,12 @@ IP addresses that are nonlocal or do not exist, like when the network
 interface or IP address is down.  Exists only on Linux, where the similar
 ip\-transparent option is also available.
 .TP
+.B ip-dscp: \fI<number>
+The value of the Differentiated Services Codepoint (DSCP) in the
+differentiated services field (DS) of the outgoing IP packet headers.
+The field replaces the outdated IPv4 Type-Of-Service field and the
+IPV6 traffic class field.
+.TP
 .B rrset\-cache\-size: \fI<number>
 Number of bytes size of the RRset cache. Default is 4 megabytes.
 A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes

libunbound/libworker.c

@@ -233,7 +233,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
 	w->back = outside_network_create(w->base, cfg->msg_buffer_size,
 		(size_t)cfg->outgoing_num_ports, cfg->out_ifs,
 		cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, 
-		cfg->do_tcp?cfg->outgoing_num_tcp:0,
+		cfg->do_tcp?cfg->outgoing_num_tcp:0, cfg->ip_dscp,
 		w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
 		ports, numports, cfg->unwanted_threshold,
 		cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,

services/listen_dnsport.c

@@ -179,9 +179,10 @@ int
 create_udp_sock(int family, int socktype, struct sockaddr* addr,
         socklen_t addrlen, int v6only, int* inuse, int* noproto,
 	int rcv, int snd, int listen, int* reuseport, int transparent,
-	int freebind, int use_systemd)
+	int freebind, int use_systemd, int dscp)
 {
 	int s;
+	char* err;
 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU)  || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined (SO_BINDANY)
 	int on=1;
 #endif
@@ -451,6 +452,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 #  endif
 #endif /* SO_SNDBUF */
 	}
+	err = set_ip_dscp(s, family, dscp);
+	if(err != NULL)
+		log_warn("error setting IP DiffServ codepoint %d on UDP socket: %s", dscp, err);
 	if(family == AF_INET6) {
 # if defined(IPV6_V6ONLY)
 		if(v6only) {
@@ -638,9 +642,10 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 
 int
 create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
-	int* reuseport, int transparent, int mss, int freebind, int use_systemd)
+	int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp)
 {
 	int s;
+	char* err;
 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY)
 	int on = 1;
 #endif
@@ -793,6 +798,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
 		strerror(errno));
 	}
 #endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */
+	err = set_ip_dscp(s, addr->ai_family, dscp);
+	if(err != NULL)
+		log_warn("error setting IP DiffServ codepoint %d on TCP socket: %s", dscp, err);
 	if(
 #ifdef HAVE_SYSTEMD
 		!got_fd_from_systemd &&
@@ -866,6 +874,48 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
 	return s;
 }
 
+char*
+set_ip_dscp(int socket, int addrfamily, int dscp) {
+	int ds;
+
+	if(dscp == 0)
+		return NULL;
+	ds = dscp << 2;
+	switch(addrfamily) {
+	case AF_INET6:
+		if(setsockopt(socket, IPPROTO_IPV6, IPV6_TCLASS, &ds, sizeof(ds)) < 0)
+			return sock_strerror(errno);
+	default:
+		if(setsockopt(socket, IPPROTO_IP, IP_TOS, &ds, sizeof(ds)) < 0)
+			return sock_strerror(errno);
+	}
+	return NULL;
+}
+
+#  ifndef USE_WINSOCK
+char*
+sock_strerror(int errn){
+	return strerror(errno);
+}
+
+void
+sock_close(int socket) {
+	close(socket);
+}
+
+#  else
+char*
+sock_strerror(int errn){
+	return wsa_strerror(WSAGetLastError()))
+}
+
+void
+sock_close(int socket) {
+	closesocket(socket);
+}
+
+#  endif /* USE_WINSOCK */
+
 int
 create_local_accept_sock(const char *path, int* noproto, int use_systemd)
 {
@@ -952,7 +1002,7 @@ err:
 static int
 make_sock(int stype, const char* ifname, const char* port, 
 	struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
-	int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
+	int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp)
 {
 	struct addrinfo *res = NULL;
 	int r, s, inuse, noproto;
@@ -980,7 +1030,7 @@ make_sock(int stype, const char* ifname, const char* port,
 		s = create_udp_sock(res->ai_family, res->ai_socktype,
 			(struct sockaddr*)res->ai_addr, res->ai_addrlen,
 			v6only, &inuse, &noproto, (int)rcv, (int)snd, 1,
-			reuseport, transparent, freebind, use_systemd);
+			reuseport, transparent, freebind, use_systemd, dscp);
 		if(s == -1 && inuse) {
 			log_err("bind: address already in use");
 		} else if(s == -1 && noproto && hints->ai_family == AF_INET6){
@@ -988,7 +1038,7 @@ make_sock(int stype, const char* ifname, const char* port,
 		}
 	} else	{
 		s = create_tcp_accept_sock(res, v6only, &noproto, reuseport,
-			transparent, tcp_mss, freebind, use_systemd);
+			transparent, tcp_mss, freebind, use_systemd, dscp);
 		if(s == -1 && noproto && hints->ai_family == AF_INET6){
 			*noip6 = 1;
 		}
@@ -1001,7 +1051,7 @@ make_sock(int stype, const char* ifname, const char* port,
 static int
 make_sock_port(int stype, const char* ifname, const char* port, 
 	struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
-	int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
+	int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp)
 {
 	char* s = strchr(ifname, '@');
 	if(s) {
@@ -1023,10 +1073,10 @@ make_sock_port(int stype, const char* ifname, const char* port,
 		(void)strlcpy(p, s+1, sizeof(p));
 		p[strlen(s+1)]=0;
 		return make_sock(stype, newif, p, hints, v6only, noip6,
-			rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd);
+			rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd, dscp);
 	}
 	return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd,
-		reuseport, transparent, tcp_mss, freebind, use_systemd);
+		reuseport, transparent, tcp_mss, freebind, use_systemd, dscp);
 }
 
 /**
@@ -1154,7 +1204,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
 	size_t rcv, size_t snd, int ssl_port,
 	struct config_strlist* tls_additional_port, int* reuseport,
 	int transparent, int tcp_mss, int freebind, int use_systemd,
-	int dnscrypt_port)
+	int dnscrypt_port, int dscp)
 {
 	int s, noip6=0;
 #ifdef USE_DNSCRYPT
@@ -1171,7 +1221,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
 	if(do_auto) {
 		if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, 
 			&noip6, rcv, snd, reuseport, transparent,
-			tcp_mss, freebind, use_systemd)) == -1) {
+			tcp_mss, freebind, use_systemd, dscp)) == -1) {
 			if(noip6) {
 				log_warn("IPv6 protocol not available");
 				return 1;
@@ -1200,7 +1250,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
 		/* regular udp socket */
 		if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, 
 			&noip6, rcv, snd, reuseport, transparent,
-			tcp_mss, freebind, use_systemd)) == -1) {
+			tcp_mss, freebind, use_systemd, dscp)) == -1) {
 			if(noip6) {
 				log_warn("IPv6 protocol not available");
 				return 1;
@@ -1222,7 +1272,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
 			tls_additional_port);
 		if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, 
 			&noip6, 0, 0, reuseport, transparent, tcp_mss,
-			freebind, use_systemd)) == -1) {
+			freebind, use_systemd, dscp)) == -1) {
 			if(noip6) {
 				/*log_warn("IPv6 protocol not available");*/
 				return 1;
@@ -1421,7 +1471,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
-				cfg->dnscrypt_port)) {
+				cfg->dnscrypt_port, cfg->ip_dscp)) {
 				listening_ports_free(list);
 				return NULL;
 			}
@@ -1435,7 +1485,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
-				cfg->dnscrypt_port)) {
+				cfg->dnscrypt_port, cfg->ip_dscp)) {
 				listening_ports_free(list);
 				return NULL;
 			}
@@ -1451,7 +1501,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
-				cfg->dnscrypt_port)) {
+				cfg->dnscrypt_port, cfg->ip_dscp)) {
 				listening_ports_free(list);
 				return NULL;
 			}
@@ -1465,7 +1515,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
-				cfg->dnscrypt_port)) {
+				cfg->dnscrypt_port, cfg->ip_dscp)) {
 				listening_ports_free(list);
 				return NULL;
 			}

services/listen_dnsport.h

@@ -209,7 +209,7 @@ void listen_start_accept(struct listen_dnsport* listen);
  */
 int create_udp_sock(int family, int socktype, struct sockaddr* addr, 
 	socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv,
-	int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd);
+	int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd, int dscp);
 
 /**
  * Create and bind TCP listening socket
@@ -225,7 +225,7 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr,
  * @return: the socket. -1 on error.
  */
 int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
-	int* reuseport, int transparent, int mss, int freebind, int use_systemd);
+	int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp);
 
 /**
  * Create and bind local listening socket
@@ -367,4 +367,7 @@ int tcp_req_info_handle_read_close(struct tcp_req_info* req);
 /** get the size of currently used tcp stream wait buffers (in bytes) */
 size_t tcp_req_info_get_stream_buffer_size(void);
 
+char* set_ip_dscp(int socket, int addrfamily, int ds);
+char* sock_strerror(int errn);
+
 #endif /* LISTEN_DNSPORT_H */

services/outside_network.c

@@ -205,18 +205,25 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s)
 /** get TCP file descriptor for address, returns -1 on failure,
  * tcp_mss is 0 or maxseg size to set for TCP packets. */
 int
-outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss)
+outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp)
 {
 	int s;
+	int af;
+	char* err;
 #ifdef SO_REUSEADDR
 	int on = 1;
 #endif
 #ifdef INET6
-	if(addr_is_ip6(addr, addrlen))
+	if(addr_is_ip6(addr, addrlen)){
 		s = socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP);
-	else
+		af = AF_INET6;
+	} else {
+#else
+	{
 #endif
+		af = AF_INET;
 		s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+	}
 	if(s == -1) {
 #ifndef USE_WINSOCK
 		log_err_addr("outgoing tcp: socket", strerror(errno),
@@ -236,6 +243,12 @@ outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss)
 	}
 #endif
 
+	err = set_ip_dscp(s, af, dscp);
+	if(err != NULL) {
+		verbose(VERB_ALGO, "outgoing tcp:"
+			"error setting IP DiffServ codepoint on socket");
+	}
+
 	if(tcp_mss > 0) {
 #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)
 		if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG,
@@ -291,7 +304,7 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 	log_assert(pkt);
 	log_assert(w->addrlen > 0);
 	/* open socket */
-	s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss);
+	s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp);
 
 	if(s == -1)
 		return 0;
@@ -719,7 +732,7 @@ static int setup_if(struct port_if* pif, const char* addrstr,
 struct outside_network* 
 outside_network_create(struct comm_base *base, size_t bufsize, 
 	size_t num_ports, char** ifs, int num_ifs, int do_ip4, 
-	int do_ip6, size_t num_tcp, struct infra_cache* infra,
+	int do_ip6, size_t num_tcp, int dscp, struct infra_cache* infra,
 	struct ub_randstate* rnd, int use_caps_for_id, int* availports, 
 	int numavailports, size_t unwanted_threshold, int tcp_mss,
 	void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
@@ -752,6 +765,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
 	outnet->use_caps_for_id = use_caps_for_id;
 	outnet->do_udp = do_udp;
 	outnet->tcp_mss = tcp_mss;
+	outnet->ip_dscp = dscp;
 #ifndef S_SPLINT_S
 	if(delayclose) {
 		outnet->delayclose = 1;
@@ -1041,7 +1055,7 @@ sai6_putrandom(struct sockaddr_in6 *sa, int pfxlen, struct ub_randstate *rnd)
  */
 static int
 udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen,
-	int port, int* inuse, struct ub_randstate* rnd)
+	int port, int* inuse, struct ub_randstate* rnd, int dscp)
 {
 	int fd, noproto;
 	if(addr_is_ip6(addr, addrlen)) {
@@ -1056,13 +1070,13 @@ udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen,
 		}
 		fd = create_udp_sock(AF_INET6, SOCK_DGRAM, 
 			(struct sockaddr*)&sa, addrlen, 1, inuse, &noproto,
-			0, 0, 0, NULL, 0, freebind, 0);
+			0, 0, 0, NULL, 0, freebind, 0, dscp);
 	} else {
 		struct sockaddr_in* sa = (struct sockaddr_in*)addr;
 		sa->sin_port = (in_port_t)htons((uint16_t)port);
 		fd = create_udp_sock(AF_INET, SOCK_DGRAM, 
 			(struct sockaddr*)addr, addrlen, 1, inuse, &noproto,
-			0, 0, 0, NULL, 0, 0, 0);
+			0, 0, 0, NULL, 0, 0, 0, dscp);
 	}
 	return fd;
 }
@@ -1127,7 +1141,7 @@ select_ifport(struct outside_network* outnet, struct pending* pend,
 		my_port = portno = 0;
 #endif
 		fd = udp_sockport(&pif->addr, pif->addrlen, pif->pfxlen,
-			portno, &inuse, outnet->rnd);
+			portno, &inuse, outnet->rnd, outnet->ip_dscp);
 		if(fd == -1 && !inuse) {
 			/* nonrecoverable error making socket */
 			return 0;
@@ -2176,10 +2190,11 @@ fd_for_dest(struct outside_network* outnet, struct sockaddr_storage* to_addr,
 {
 	struct sockaddr_storage* addr;
 	socklen_t addrlen;
-	int i, try, pnum;
+	int i, try, pnum, dscp;
 	struct port_if* pif;
 
 	/* create fd */
+	dscp = outnet->ip_dscp;
 	for(try = 0; try<1000; try++) {
 		int port = 0;
 		int freebind = 0;
@@ -2226,13 +2241,13 @@ fd_for_dest(struct outside_network* outnet, struct sockaddr_storage* to_addr,
 			sa.sin6_port = (in_port_t)htons((uint16_t)port);
 			fd = create_udp_sock(AF_INET6, SOCK_DGRAM,
 				(struct sockaddr*)&sa, addrlen, 1, &inuse, &noproto,
-				0, 0, 0, NULL, 0, freebind, 0);
+				0, 0, 0, NULL, 0, freebind, 0, dscp);
 		} else {
 			struct sockaddr_in* sa = (struct sockaddr_in*)addr;
 			sa->sin_port = (in_port_t)htons((uint16_t)port);
 			fd = create_udp_sock(AF_INET, SOCK_DGRAM, 
 				(struct sockaddr*)addr, addrlen, 1, &inuse, &noproto,
-				0, 0, 0, NULL, 0, freebind, 0);
+				0, 0, 0, NULL, 0, freebind, 0, dscp);
 		}
 		if(fd != -1) {
 			return fd;
@@ -2324,7 +2339,7 @@ outnet_comm_point_for_tcp(struct outside_network* outnet,
 	sldns_buffer* query, int timeout, int ssl, char* host)
 {
 	struct comm_point* cp;
-	int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss);
+	int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss, outnet->ip_dscp);
 	if(fd == -1) {
 		return 0;
 	}
@@ -2386,7 +2401,7 @@ outnet_comm_point_for_http(struct outside_network* outnet,
 {
 	/* cp calls cb with err=NETEVENT_DONE when transfer is done */
 	struct comm_point* cp;
-	int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss);
+	int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss, outnet->ip_dscp);
 	if(fd == -1) {
 		return 0;
 	}

services/outside_network.h

@@ -138,6 +138,8 @@ struct outside_network {
 #endif
 	/** maximum segment size of tcp socket */
 	int tcp_mss;
+	/** IP_TOS socket option requested on the sockets */
+	int ip_dscp;
 
 	/**
 	 * Array of tcp pending used for outgoing TCP connections.
@@ -419,7 +421,7 @@ struct serviced_query {
  */
 struct outside_network* outside_network_create(struct comm_base* base,
 	size_t bufsize, size_t num_ports, char** ifs, int num_ifs,
-	int do_ip4, int do_ip6, size_t num_tcp, struct infra_cache* infra, 
+	int do_ip4, int do_ip6, size_t num_tcp, int dscp, struct infra_cache* infra, 
 	struct ub_randstate* rnd, int use_caps_for_id, int* availports, 
 	int numavailports, size_t unwanted_threshold, int tcp_mss,
 	void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
@@ -542,7 +544,7 @@ size_t serviced_get_mem(struct serviced_query* sq);
 
 /** get TCP file descriptor for address, returns -1 on failure,
  * tcp_mss is 0 or maxseg size to set for TCP packets. */
-int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss);
+int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp);
 
 /**
  * Create udp commpoint suitable for sending packets to the destination.

testcode/fake_event.c

@@ -1031,6 +1031,7 @@ outside_network_create(struct comm_base* base, size_t bufsize,
 	size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), 
 	int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), 
 	int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), 
+	int ATTR_UNUSED(dscp),
 	struct infra_cache* infra,
 	struct ub_randstate* ATTR_UNUSED(rnd), 
 	int ATTR_UNUSED(use_caps_for_id), int* ATTR_UNUSED(availports),
@@ -1583,7 +1584,7 @@ int create_udp_sock(int ATTR_UNUSED(family), int ATTR_UNUSED(socktype),
 	int* ATTR_UNUSED(noproto), int ATTR_UNUSED(rcv), int ATTR_UNUSED(snd),
 	int ATTR_UNUSED(listen), int* ATTR_UNUSED(reuseport),
 	int ATTR_UNUSED(transparent), int ATTR_UNUSED(freebind),
-	int ATTR_UNUSED(use_systemd))
+	int ATTR_UNUSED(use_systemd), int ATTR_UNUSED(dscp))
 {
 	/* if you actually print to this, it'll be stdout during test */
 	return 1;
@@ -1790,7 +1791,7 @@ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet,
 }
 
 int outnet_get_tcp_fd(struct sockaddr_storage* ATTR_UNUSED(addr),
-	socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(tcp_mss))
+	socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(tcp_mss), int ATTR_UNUSED(dscp))
 {
 	log_assert(0);
 	return -1;

testdata/04-checkconf.tdir/bad.dscp

@@ -0,0 +1,5 @@
+include: "good.min"
+
+server:
+	# an abnormal value for the option
+	ip-dscp: 500

testdata/04-checkconf.tdir/good.all

@@ -220,6 +220,10 @@ server:
 	# more slabs reduce lock contention, but fragment memory usage.
 	key-cache-slabs: 4
 
+	# the value of the Differentiated Services Codepoint (DSCP)
+	# in the differentiated services field (DS) of the outgoing
+	# IP packets
+	ip-dscp: 5
 
 # Stub zones.
 # Create entries like below, to make all queries for 'example.com' and 

testdata/04-checkconf.tdir/good.min

@@ -0,0 +1,7 @@
+# the minimal passing config - include in your bad.x to verify that
+# it is your option which triggers failure
+server:
+	chroot: ""
+	username: ""
+	directory: "."
+	pidfile: ""

util/config_file.c

@@ -186,6 +186,7 @@ config_create(void)
 	cfg->so_reuseport = REUSEPORT_DEFAULT;
 	cfg->ip_transparent = 0;
 	cfg->ip_freebind = 0;
+	cfg->ip_dscp = 0;
 	cfg->num_ifs = 0;
 	cfg->ifs = NULL;
 	cfg->num_out_ifs = 0;
@@ -923,6 +924,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_YNO(opt, "so-reuseport", so_reuseport)
 	else O_YNO(opt, "ip-transparent", ip_transparent)
 	else O_YNO(opt, "ip-freebind", ip_freebind)
+	else O_DEC(opt, "ip-dscp", ip_dscp)
 	else O_MEM(opt, "rrset-cache-size", rrset_cache_size)
 	else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs)
 	else O_YNO(opt, "prefetch-key", prefetch_key)

util/config_file.h

@@ -188,6 +188,8 @@ struct config_file {
 	int ip_transparent;
 	/** IP_FREEBIND socket option request on port 53 sockets */
 	int ip_freebind;
+	/** IP_TOS socket option requested on port 53 sockets */
+	int ip_dscp;
 
 	/** number of interfaces to open. If 0 default all interfaces. */
 	int num_ifs;

util/configlexer.lex

@@ -259,6 +259,7 @@ so-sndbuf{COLON}		{ YDVAR(1, VAR_SO_SNDBUF) }
 so-reuseport{COLON}		{ YDVAR(1, VAR_SO_REUSEPORT) }
 ip-transparent{COLON}		{ YDVAR(1, VAR_IP_TRANSPARENT) }
 ip-freebind{COLON}		{ YDVAR(1, VAR_IP_FREEBIND) }
+ip-dscp{COLON}		{ YDVAR(1, VAR_IP_DSCP) }
 chroot{COLON}			{ YDVAR(1, VAR_CHROOT) }
 username{COLON}			{ YDVAR(1, VAR_USERNAME) }
 directory{COLON}		{ YDVAR(1, VAR_DIRECTORY) }

util/configparser.h

@@ -1,14 +1,14 @@
-/* A Bison parser, made by GNU Bison 3.4.1.  */
+/* A Bison parser, made by GNU Bison 2.3.  */
 
-/* Bison interface for Yacc-like parsers in C
+/* Skeleton interface for Bison's Yacc-like parsers in C
 
-   Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation,
-   Inc.
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
 
-   This program is free software: you can redistribute it and/or modify
+   This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation, either version 3 of the License, or
-   (at your option) any later version.
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -16,7 +16,9 @@
    GNU General Public License for more details.
 
    You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
 
 /* As a special exception, you may create a larger work that contains
    part or all of the Bison parser skeleton and distribute that work
@@ -31,24 +33,12 @@
    This special exception was added by the Free Software Foundation in
    version 2.2 of Bison.  */
 
-/* Undocumented macros, especially those whose name start with YY_,
-   are private implementation details.  Do not rely on them.  */
-
-#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
-# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
-/* Debug traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-#if YYDEBUG
-extern int yydebug;
-#endif
-
-/* Token type.  */
+/* Tokens.  */
 #ifndef YYTOKENTYPE
 # define YYTOKENTYPE
-  enum yytokentype
-  {
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
      SPACE = 258,
      LETTER = 259,
      NEWLINE = 260,
@@ -222,115 +212,116 @@ extern int yydebug;
      VAR_RESPONSE_IP_DATA = 428,
      VAR_HARDEN_ALGO_DOWNGRADE = 429,
      VAR_IP_TRANSPARENT = 430,
-    VAR_DISABLE_DNSSEC_LAME_CHECK = 431,
-    VAR_IP_RATELIMIT = 432,
-    VAR_IP_RATELIMIT_SLABS = 433,
-    VAR_IP_RATELIMIT_SIZE = 434,
-    VAR_RATELIMIT = 435,
-    VAR_RATELIMIT_SLABS = 436,
-    VAR_RATELIMIT_SIZE = 437,
-    VAR_RATELIMIT_FOR_DOMAIN = 438,
-    VAR_RATELIMIT_BELOW_DOMAIN = 439,
-    VAR_IP_RATELIMIT_FACTOR = 440,
-    VAR_RATELIMIT_FACTOR = 441,
-    VAR_SEND_CLIENT_SUBNET = 442,
-    VAR_CLIENT_SUBNET_ZONE = 443,
-    VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 444,
-    VAR_CLIENT_SUBNET_OPCODE = 445,
-    VAR_MAX_CLIENT_SUBNET_IPV4 = 446,
-    VAR_MAX_CLIENT_SUBNET_IPV6 = 447,
-    VAR_MIN_CLIENT_SUBNET_IPV4 = 448,
-    VAR_MIN_CLIENT_SUBNET_IPV6 = 449,
-    VAR_MAX_ECS_TREE_SIZE_IPV4 = 450,
-    VAR_MAX_ECS_TREE_SIZE_IPV6 = 451,
-    VAR_CAPS_WHITELIST = 452,
-    VAR_CACHE_MAX_NEGATIVE_TTL = 453,
-    VAR_PERMIT_SMALL_HOLDDOWN = 454,
-    VAR_QNAME_MINIMISATION = 455,
-    VAR_QNAME_MINIMISATION_STRICT = 456,
-    VAR_IP_FREEBIND = 457,
-    VAR_DEFINE_TAG = 458,
-    VAR_LOCAL_ZONE_TAG = 459,
-    VAR_ACCESS_CONTROL_TAG = 460,
-    VAR_LOCAL_ZONE_OVERRIDE = 461,
-    VAR_ACCESS_CONTROL_TAG_ACTION = 462,
-    VAR_ACCESS_CONTROL_TAG_DATA = 463,
-    VAR_VIEW = 464,
-    VAR_ACCESS_CONTROL_VIEW = 465,
-    VAR_VIEW_FIRST = 466,
-    VAR_SERVE_EXPIRED = 467,
-    VAR_SERVE_EXPIRED_TTL = 468,
-    VAR_SERVE_EXPIRED_TTL_RESET = 469,
-    VAR_SERVE_EXPIRED_REPLY_TTL = 470,
-    VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 471,
-    VAR_FAKE_DSA = 472,
-    VAR_FAKE_SHA1 = 473,
-    VAR_LOG_IDENTITY = 474,
-    VAR_HIDE_TRUSTANCHOR = 475,
-    VAR_TRUST_ANCHOR_SIGNALING = 476,
-    VAR_AGGRESSIVE_NSEC = 477,
-    VAR_USE_SYSTEMD = 478,
-    VAR_SHM_ENABLE = 479,
-    VAR_SHM_KEY = 480,
-    VAR_ROOT_KEY_SENTINEL = 481,
-    VAR_DNSCRYPT = 482,
-    VAR_DNSCRYPT_ENABLE = 483,
-    VAR_DNSCRYPT_PORT = 484,
-    VAR_DNSCRYPT_PROVIDER = 485,
-    VAR_DNSCRYPT_SECRET_KEY = 486,
-    VAR_DNSCRYPT_PROVIDER_CERT = 487,
-    VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 488,
-    VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 489,
-    VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 490,
-    VAR_DNSCRYPT_NONCE_CACHE_SIZE = 491,
-    VAR_DNSCRYPT_NONCE_CACHE_SLABS = 492,
-    VAR_IPSECMOD_ENABLED = 493,
-    VAR_IPSECMOD_HOOK = 494,
-    VAR_IPSECMOD_IGNORE_BOGUS = 495,
-    VAR_IPSECMOD_MAX_TTL = 496,
-    VAR_IPSECMOD_WHITELIST = 497,
-    VAR_IPSECMOD_STRICT = 498,
-    VAR_CACHEDB = 499,
-    VAR_CACHEDB_BACKEND = 500,
-    VAR_CACHEDB_SECRETSEED = 501,
-    VAR_CACHEDB_REDISHOST = 502,
-    VAR_CACHEDB_REDISPORT = 503,
-    VAR_CACHEDB_REDISTIMEOUT = 504,
-    VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 505,
-    VAR_FOR_UPSTREAM = 506,
-    VAR_AUTH_ZONE = 507,
-    VAR_ZONEFILE = 508,
-    VAR_MASTER = 509,
-    VAR_URL = 510,
-    VAR_FOR_DOWNSTREAM = 511,
-    VAR_FALLBACK_ENABLED = 512,
-    VAR_TLS_ADDITIONAL_PORT = 513,
-    VAR_LOW_RTT = 514,
-    VAR_LOW_RTT_PERMIL = 515,
-    VAR_FAST_SERVER_PERMIL = 516,
-    VAR_FAST_SERVER_NUM = 517,
-    VAR_ALLOW_NOTIFY = 518,
-    VAR_TLS_WIN_CERT = 519,
-    VAR_TCP_CONNECTION_LIMIT = 520,
-    VAR_FORWARD_NO_CACHE = 521,
-    VAR_STUB_NO_CACHE = 522,
-    VAR_LOG_SERVFAIL = 523,
-    VAR_DENY_ANY = 524,
-    VAR_UNKNOWN_SERVER_TIME_LIMIT = 525,
-    VAR_LOG_TAG_QUERYREPLY = 526,
-    VAR_STREAM_WAIT_SIZE = 527,
-    VAR_TLS_CIPHERS = 528,
-    VAR_TLS_CIPHERSUITES = 529,
-    VAR_IPSET = 530,
-    VAR_IPSET_NAME_V4 = 531,
-    VAR_IPSET_NAME_V6 = 532,
-    VAR_TLS_SESSION_TICKET_KEYS = 533,
-    VAR_RPZ = 534,
-    VAR_TAGS = 535,
-    VAR_RPZ_ACTION_OVERRIDE = 536,
-    VAR_RPZ_CNAME_OVERRIDE = 537,
-    VAR_RPZ_LOG = 538,
-    VAR_RPZ_LOG_NAME = 539
+     VAR_IP_DSCP = 431,
+     VAR_DISABLE_DNSSEC_LAME_CHECK = 432,
+     VAR_IP_RATELIMIT = 433,
+     VAR_IP_RATELIMIT_SLABS = 434,
+     VAR_IP_RATELIMIT_SIZE = 435,
+     VAR_RATELIMIT = 436,
+     VAR_RATELIMIT_SLABS = 437,
+     VAR_RATELIMIT_SIZE = 438,
+     VAR_RATELIMIT_FOR_DOMAIN = 439,
+     VAR_RATELIMIT_BELOW_DOMAIN = 440,
+     VAR_IP_RATELIMIT_FACTOR = 441,
+     VAR_RATELIMIT_FACTOR = 442,
+     VAR_SEND_CLIENT_SUBNET = 443,
+     VAR_CLIENT_SUBNET_ZONE = 444,
+     VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 445,
+     VAR_CLIENT_SUBNET_OPCODE = 446,
+     VAR_MAX_CLIENT_SUBNET_IPV4 = 447,
+     VAR_MAX_CLIENT_SUBNET_IPV6 = 448,
+     VAR_MIN_CLIENT_SUBNET_IPV4 = 449,
+     VAR_MIN_CLIENT_SUBNET_IPV6 = 450,
+     VAR_MAX_ECS_TREE_SIZE_IPV4 = 451,
+     VAR_MAX_ECS_TREE_SIZE_IPV6 = 452,
+     VAR_CAPS_WHITELIST = 453,
+     VAR_CACHE_MAX_NEGATIVE_TTL = 454,
+     VAR_PERMIT_SMALL_HOLDDOWN = 455,
+     VAR_QNAME_MINIMISATION = 456,
+     VAR_QNAME_MINIMISATION_STRICT = 457,
+     VAR_IP_FREEBIND = 458,
+     VAR_DEFINE_TAG = 459,
+     VAR_LOCAL_ZONE_TAG = 460,
+     VAR_ACCESS_CONTROL_TAG = 461,
+     VAR_LOCAL_ZONE_OVERRIDE = 462,
+     VAR_ACCESS_CONTROL_TAG_ACTION = 463,
+     VAR_ACCESS_CONTROL_TAG_DATA = 464,
+     VAR_VIEW = 465,
+     VAR_ACCESS_CONTROL_VIEW = 466,
+     VAR_VIEW_FIRST = 467,
+     VAR_SERVE_EXPIRED = 468,
+     VAR_SERVE_EXPIRED_TTL = 469,
+     VAR_SERVE_EXPIRED_TTL_RESET = 470,
+     VAR_SERVE_EXPIRED_REPLY_TTL = 471,
+     VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 472,
+     VAR_FAKE_DSA = 473,
+     VAR_FAKE_SHA1 = 474,
+     VAR_LOG_IDENTITY = 475,
+     VAR_HIDE_TRUSTANCHOR = 476,
+     VAR_TRUST_ANCHOR_SIGNALING = 477,
+     VAR_AGGRESSIVE_NSEC = 478,
+     VAR_USE_SYSTEMD = 479,
+     VAR_SHM_ENABLE = 480,
+     VAR_SHM_KEY = 481,
+     VAR_ROOT_KEY_SENTINEL = 482,
+     VAR_DNSCRYPT = 483,
+     VAR_DNSCRYPT_ENABLE = 484,
+     VAR_DNSCRYPT_PORT = 485,
+     VAR_DNSCRYPT_PROVIDER = 486,
+     VAR_DNSCRYPT_SECRET_KEY = 487,
+     VAR_DNSCRYPT_PROVIDER_CERT = 488,
+     VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 489,
+     VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 490,
+     VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 491,
+     VAR_DNSCRYPT_NONCE_CACHE_SIZE = 492,
+     VAR_DNSCRYPT_NONCE_CACHE_SLABS = 493,
+     VAR_IPSECMOD_ENABLED = 494,
+     VAR_IPSECMOD_HOOK = 495,
+     VAR_IPSECMOD_IGNORE_BOGUS = 496,
+     VAR_IPSECMOD_MAX_TTL = 497,
+     VAR_IPSECMOD_WHITELIST = 498,
+     VAR_IPSECMOD_STRICT = 499,
+     VAR_CACHEDB = 500,
+     VAR_CACHEDB_BACKEND = 501,
+     VAR_CACHEDB_SECRETSEED = 502,
+     VAR_CACHEDB_REDISHOST = 503,
+     VAR_CACHEDB_REDISPORT = 504,
+     VAR_CACHEDB_REDISTIMEOUT = 505,
+     VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 506,
+     VAR_FOR_UPSTREAM = 507,
+     VAR_AUTH_ZONE = 508,
+     VAR_ZONEFILE = 509,
+     VAR_MASTER = 510,
+     VAR_URL = 511,
+     VAR_FOR_DOWNSTREAM = 512,
+     VAR_FALLBACK_ENABLED = 513,
+     VAR_TLS_ADDITIONAL_PORT = 514,
+     VAR_LOW_RTT = 515,
+     VAR_LOW_RTT_PERMIL = 516,
+     VAR_FAST_SERVER_PERMIL = 517,
+     VAR_FAST_SERVER_NUM = 518,
+     VAR_ALLOW_NOTIFY = 519,
+     VAR_TLS_WIN_CERT = 520,
+     VAR_TCP_CONNECTION_LIMIT = 521,
+     VAR_FORWARD_NO_CACHE = 522,
+     VAR_STUB_NO_CACHE = 523,
+     VAR_LOG_SERVFAIL = 524,
+     VAR_DENY_ANY = 525,
+     VAR_UNKNOWN_SERVER_TIME_LIMIT = 526,
+     VAR_LOG_TAG_QUERYREPLY = 527,
+     VAR_STREAM_WAIT_SIZE = 528,
+     VAR_TLS_CIPHERS = 529,
+     VAR_TLS_CIPHERSUITES = 530,
+     VAR_IPSET = 531,
+     VAR_IPSET_NAME_V4 = 532,
+     VAR_IPSET_NAME_V6 = 533,
+     VAR_TLS_SESSION_TICKET_KEYS = 534,
+     VAR_RPZ = 535,
+     VAR_TAGS = 536,
+     VAR_RPZ_ACTION_OVERRIDE = 537,
+     VAR_RPZ_CNAME_OVERRIDE = 538,
+     VAR_RPZ_LOG = 539,
+     VAR_RPZ_LOG_NAME = 540
    };
 #endif
 /* Tokens.  */
@@ -507,135 +498,133 @@ extern int yydebug;
 #define VAR_RESPONSE_IP_DATA 428
 #define VAR_HARDEN_ALGO_DOWNGRADE 429
 #define VAR_IP_TRANSPARENT 430
-#define VAR_DISABLE_DNSSEC_LAME_CHECK 431
-#define VAR_IP_RATELIMIT 432
-#define VAR_IP_RATELIMIT_SLABS 433
-#define VAR_IP_RATELIMIT_SIZE 434
-#define VAR_RATELIMIT 435
-#define VAR_RATELIMIT_SLABS 436
-#define VAR_RATELIMIT_SIZE 437
-#define VAR_RATELIMIT_FOR_DOMAIN 438
-#define VAR_RATELIMIT_BELOW_DOMAIN 439
-#define VAR_IP_RATELIMIT_FACTOR 440
-#define VAR_RATELIMIT_FACTOR 441
-#define VAR_SEND_CLIENT_SUBNET 442
-#define VAR_CLIENT_SUBNET_ZONE 443
-#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 444
-#define VAR_CLIENT_SUBNET_OPCODE 445
-#define VAR_MAX_CLIENT_SUBNET_IPV4 446
-#define VAR_MAX_CLIENT_SUBNET_IPV6 447
-#define VAR_MIN_CLIENT_SUBNET_IPV4 448
-#define VAR_MIN_CLIENT_SUBNET_IPV6 449
-#define VAR_MAX_ECS_TREE_SIZE_IPV4 450
-#define VAR_MAX_ECS_TREE_SIZE_IPV6 451
-#define VAR_CAPS_WHITELIST 452
-#define VAR_CACHE_MAX_NEGATIVE_TTL 453
-#define VAR_PERMIT_SMALL_HOLDDOWN 454
-#define VAR_QNAME_MINIMISATION 455
-#define VAR_QNAME_MINIMISATION_STRICT 456
-#define VAR_IP_FREEBIND 457
-#define VAR_DEFINE_TAG 458
-#define VAR_LOCAL_ZONE_TAG 459
-#define VAR_ACCESS_CONTROL_TAG 460
-#define VAR_LOCAL_ZONE_OVERRIDE 461
-#define VAR_ACCESS_CONTROL_TAG_ACTION 462
-#define VAR_ACCESS_CONTROL_TAG_DATA 463
-#define VAR_VIEW 464
-#define VAR_ACCESS_CONTROL_VIEW 465
-#define VAR_VIEW_FIRST 466
-#define VAR_SERVE_EXPIRED 467
-#define VAR_SERVE_EXPIRED_TTL 468
-#define VAR_SERVE_EXPIRED_TTL_RESET 469
-#define VAR_SERVE_EXPIRED_REPLY_TTL 470
-#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 471
-#define VAR_FAKE_DSA 472
-#define VAR_FAKE_SHA1 473
-#define VAR_LOG_IDENTITY 474
-#define VAR_HIDE_TRUSTANCHOR 475
-#define VAR_TRUST_ANCHOR_SIGNALING 476
-#define VAR_AGGRESSIVE_NSEC 477
-#define VAR_USE_SYSTEMD 478
-#define VAR_SHM_ENABLE 479
-#define VAR_SHM_KEY 480
-#define VAR_ROOT_KEY_SENTINEL 481
-#define VAR_DNSCRYPT 482
-#define VAR_DNSCRYPT_ENABLE 483
-#define VAR_DNSCRYPT_PORT 484
-#define VAR_DNSCRYPT_PROVIDER 485
-#define VAR_DNSCRYPT_SECRET_KEY 486
-#define VAR_DNSCRYPT_PROVIDER_CERT 487
-#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 488
-#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 489
-#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 490
-#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 491
-#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 492
-#define VAR_IPSECMOD_ENABLED 493
-#define VAR_IPSECMOD_HOOK 494
-#define VAR_IPSECMOD_IGNORE_BOGUS 495
-#define VAR_IPSECMOD_MAX_TTL 496
-#define VAR_IPSECMOD_WHITELIST 497
-#define VAR_IPSECMOD_STRICT 498
-#define VAR_CACHEDB 499
-#define VAR_CACHEDB_BACKEND 500
-#define VAR_CACHEDB_SECRETSEED 501
-#define VAR_CACHEDB_REDISHOST 502
-#define VAR_CACHEDB_REDISPORT 503
-#define VAR_CACHEDB_REDISTIMEOUT 504
-#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 505
-#define VAR_FOR_UPSTREAM 506
-#define VAR_AUTH_ZONE 507
-#define VAR_ZONEFILE 508
-#define VAR_MASTER 509
-#define VAR_URL 510
-#define VAR_FOR_DOWNSTREAM 511
-#define VAR_FALLBACK_ENABLED 512
-#define VAR_TLS_ADDITIONAL_PORT 513
-#define VAR_LOW_RTT 514
-#define VAR_LOW_RTT_PERMIL 515
-#define VAR_FAST_SERVER_PERMIL 516
-#define VAR_FAST_SERVER_NUM 517
-#define VAR_ALLOW_NOTIFY 518
-#define VAR_TLS_WIN_CERT 519
-#define VAR_TCP_CONNECTION_LIMIT 520
-#define VAR_FORWARD_NO_CACHE 521
-#define VAR_STUB_NO_CACHE 522
-#define VAR_LOG_SERVFAIL 523
-#define VAR_DENY_ANY 524
-#define VAR_UNKNOWN_SERVER_TIME_LIMIT 525
-#define VAR_LOG_TAG_QUERYREPLY 526
-#define VAR_STREAM_WAIT_SIZE 527
-#define VAR_TLS_CIPHERS 528
-#define VAR_TLS_CIPHERSUITES 529
-#define VAR_IPSET 530
-#define VAR_IPSET_NAME_V4 531
-#define VAR_IPSET_NAME_V6 532
-#define VAR_TLS_SESSION_TICKET_KEYS 533
-#define VAR_RPZ 534
-#define VAR_TAGS 535
-#define VAR_RPZ_ACTION_OVERRIDE 536
-#define VAR_RPZ_CNAME_OVERRIDE 537
-#define VAR_RPZ_LOG 538
-#define VAR_RPZ_LOG_NAME 539
+#define VAR_IP_DSCP 431
+#define VAR_DISABLE_DNSSEC_LAME_CHECK 432
+#define VAR_IP_RATELIMIT 433
+#define VAR_IP_RATELIMIT_SLABS 434
+#define VAR_IP_RATELIMIT_SIZE 435
+#define VAR_RATELIMIT 436
+#define VAR_RATELIMIT_SLABS 437
+#define VAR_RATELIMIT_SIZE 438
+#define VAR_RATELIMIT_FOR_DOMAIN 439
+#define VAR_RATELIMIT_BELOW_DOMAIN 440
+#define VAR_IP_RATELIMIT_FACTOR 441
+#define VAR_RATELIMIT_FACTOR 442
+#define VAR_SEND_CLIENT_SUBNET 443
+#define VAR_CLIENT_SUBNET_ZONE 444
+#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 445
+#define VAR_CLIENT_SUBNET_OPCODE 446
+#define VAR_MAX_CLIENT_SUBNET_IPV4 447
+#define VAR_MAX_CLIENT_SUBNET_IPV6 448
+#define VAR_MIN_CLIENT_SUBNET_IPV4 449
+#define VAR_MIN_CLIENT_SUBNET_IPV6 450
+#define VAR_MAX_ECS_TREE_SIZE_IPV4 451
+#define VAR_MAX_ECS_TREE_SIZE_IPV6 452
+#define VAR_CAPS_WHITELIST 453
+#define VAR_CACHE_MAX_NEGATIVE_TTL 454
+#define VAR_PERMIT_SMALL_HOLDDOWN 455
+#define VAR_QNAME_MINIMISATION 456
+#define VAR_QNAME_MINIMISATION_STRICT 457
+#define VAR_IP_FREEBIND 458
+#define VAR_DEFINE_TAG 459
+#define VAR_LOCAL_ZONE_TAG 460
+#define VAR_ACCESS_CONTROL_TAG 461
+#define VAR_LOCAL_ZONE_OVERRIDE 462
+#define VAR_ACCESS_CONTROL_TAG_ACTION 463
+#define VAR_ACCESS_CONTROL_TAG_DATA 464
+#define VAR_VIEW 465
+#define VAR_ACCESS_CONTROL_VIEW 466
+#define VAR_VIEW_FIRST 467
+#define VAR_SERVE_EXPIRED 468
+#define VAR_SERVE_EXPIRED_TTL 469
+#define VAR_SERVE_EXPIRED_TTL_RESET 470
+#define VAR_SERVE_EXPIRED_REPLY_TTL 471
+#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 472
+#define VAR_FAKE_DSA 473
+#define VAR_FAKE_SHA1 474
+#define VAR_LOG_IDENTITY 475
+#define VAR_HIDE_TRUSTANCHOR 476
+#define VAR_TRUST_ANCHOR_SIGNALING 477
+#define VAR_AGGRESSIVE_NSEC 478
+#define VAR_USE_SYSTEMD 479
+#define VAR_SHM_ENABLE 480
+#define VAR_SHM_KEY 481
+#define VAR_ROOT_KEY_SENTINEL 482
+#define VAR_DNSCRYPT 483
+#define VAR_DNSCRYPT_ENABLE 484
+#define VAR_DNSCRYPT_PORT 485
+#define VAR_DNSCRYPT_PROVIDER 486
+#define VAR_DNSCRYPT_SECRET_KEY 487
+#define VAR_DNSCRYPT_PROVIDER_CERT 488
+#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 489
+#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 490
+#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 491
+#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 492
+#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 493
+#define VAR_IPSECMOD_ENABLED 494
+#define VAR_IPSECMOD_HOOK 495
+#define VAR_IPSECMOD_IGNORE_BOGUS 496
+#define VAR_IPSECMOD_MAX_TTL 497
+#define VAR_IPSECMOD_WHITELIST 498
+#define VAR_IPSECMOD_STRICT 499
+#define VAR_CACHEDB 500
+#define VAR_CACHEDB_BACKEND 501
+#define VAR_CACHEDB_SECRETSEED 502
+#define VAR_CACHEDB_REDISHOST 503
+#define VAR_CACHEDB_REDISPORT 504
+#define VAR_CACHEDB_REDISTIMEOUT 505
+#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 506
+#define VAR_FOR_UPSTREAM 507
+#define VAR_AUTH_ZONE 508
+#define VAR_ZONEFILE 509
+#define VAR_MASTER 510
+#define VAR_URL 511
+#define VAR_FOR_DOWNSTREAM 512
+#define VAR_FALLBACK_ENABLED 513
+#define VAR_TLS_ADDITIONAL_PORT 514
+#define VAR_LOW_RTT 515
+#define VAR_LOW_RTT_PERMIL 516
+#define VAR_FAST_SERVER_PERMIL 517
+#define VAR_FAST_SERVER_NUM 518
+#define VAR_ALLOW_NOTIFY 519
+#define VAR_TLS_WIN_CERT 520
+#define VAR_TCP_CONNECTION_LIMIT 521
+#define VAR_FORWARD_NO_CACHE 522
+#define VAR_STUB_NO_CACHE 523
+#define VAR_LOG_SERVFAIL 524
+#define VAR_DENY_ANY 525
+#define VAR_UNKNOWN_SERVER_TIME_LIMIT 526
+#define VAR_LOG_TAG_QUERYREPLY 527
+#define VAR_STREAM_WAIT_SIZE 528
+#define VAR_TLS_CIPHERS 529
+#define VAR_TLS_CIPHERSUITES 530
+#define VAR_IPSET 531
+#define VAR_IPSET_NAME_V4 532
+#define VAR_IPSET_NAME_V6 533
+#define VAR_TLS_SESSION_TICKET_KEYS 534
+#define VAR_RPZ 535
+#define VAR_TAGS 536
+#define VAR_RPZ_ACTION_OVERRIDE 537
+#define VAR_RPZ_CNAME_OVERRIDE 538
+#define VAR_RPZ_LOG 539
+#define VAR_RPZ_LOG_NAME 540
+
+
+
 
-/* Value type.  */
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-union YYSTYPE
-{
+typedef union YYSTYPE
 #line 66 "./util/configparser.y"
-
+{
 	char*	str;
-
-#line 629 "util/configparser.h"
-
-};
-typedef union YYSTYPE YYSTYPE;
-# define YYSTYPE_IS_TRIVIAL 1
+}
+/* Line 1529 of yacc.c.  */
+#line 623 "util/configparser.h"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
 # define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
 #endif
 
-
 extern YYSTYPE yylval;
 
-int yyparse (void);
-
-#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED  */

util/configparser.y

@@ -129,6 +129,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
+%token VAR_IP_DSCP
 %token VAR_DISABLE_DNSSEC_LAME_CHECK
 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
@@ -241,6 +242,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
 	server_ip_transparent | server_ip_ratelimit | server_ratelimit |
+	server_ip_dscp |
 	server_ip_ratelimit_slabs | server_ratelimit_slabs |
 	server_ip_ratelimit_size | server_ratelimit_size |
 	server_ratelimit_for_domain |
@@ -1258,6 +1260,20 @@ server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
         free($2);
     }
     ;
+server_ip_dscp: VAR_IP_DSCP STRING_ARG
+	{
+		OUTYY(("P(server_ip_dscp:%s)\n", $2));
+		if(atoi($2) == 0 && strcmp($2, "0") != 0)
+			yyerror("number expected");
+		else if (atoi($2) > 63)
+			yyerror("value too large (max 63)");
+		else if (atoi($2) < 0)
+			yyerror("value too small (min 0)");
+		else
+			cfg_parser->cfg->ip_dscp = atoi($2);
+		free($2);
+	}
+	;
 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
 	{
 		OUTYY(("P(server_stream_wait_size:%s)\n", $2));