upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-26 00:22:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #313 from NLnetLabs/edns-string

Browse source 
Replace edns-client-tag with edns-client-string option
This commit is contained in:
gthess 2020-11-23 17:34:42 +01:00 committed by GitHub
commit db945f018b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 3989 additions and 3338 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
daemon/daemon.c
View file

@ -291,7 +291,7 @@ daemon_init(void)
free(daemon);
return NULL;
}
if(!(daemon->env->edns_tags = edns_tags_create())) {
if(!(daemon->env->edns_strings = edns_strings_create())) {
auth_zones_delete(daemon->env->auth_zones);
acl_list_delete(daemon->acl);
tcl_list_delete(daemon->tcl);
@ -638,9 +638,9 @@ daemon_fork(struct daemon* daemon)
&daemon->use_rpz))
fatal_exit("auth_zones could not be setup");
/* Set-up EDNS tags */
if(!edns_tags_apply_cfg(daemon->env->edns_tags, daemon->cfg))
fatal_exit("Could not set up EDNS tags");
/* Set-up EDNS strings */
if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg))
fatal_exit("Could not set up EDNS strings");
/* setup modules */
daemon_setup_modules(daemon);
@ -773,7 +773,7 @@ daemon_delete(struct daemon* daemon)
rrset_cache_delete(daemon->env->rrset_cache);
infra_delete(daemon->env->infra_cache);
edns_known_options_delete(daemon->env);
edns_tags_delete(daemon->env->edns_tags);
edns_strings_delete(daemon->env->edns_strings);
auth_zones_delete(daemon->env->auth_zones);
}
ub_randfree(daemon->rand);

16
doc/unbound.conf.5.in
View file

@ -1550,15 +1550,15 @@ Set the number of servers that should be used for fast server selection. Only
use the fastest specified number of servers with the fast\-server\-permil
option, that turns this on or off. The default is to use the fastest 3 servers.
.TP 5
.B edns\-client\-tag: \fI<IP netblock> <tag data>
Include an edns-client-tag option in queries with destination address matching
the configured IP netblock. This configuration option can be used multiple
times. The most specific match will be used. The tag data is configured in
decimal format, from 0 to 65535.
.B edns\-client\-string: \fI<IP netblock> <string>
Include an EDNS0 option containing configured ascii string in queries with
destination address matching the configured IP netblock. This configuration
option can be used multiple times. The most specific match will be used.
.TP 5
.B edns\-client\-tag\-opcode: \fI<opcode>
EDNS0 option code for the edns-client-tag option, from 0 to 65535. Default is
16, as assigned by IANA.
.B edns\-client\-string\-opcode: \fI<opcode>
EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535.
A value from the `Reserved for Local/Experimental` range (65001-65534) should
be used. Default is 65001.
.SS "Remote Control Options"
In the
.B remote\-control:

2
libunbound/context.c
View file

@ -80,7 +80,7 @@ context_finalize(struct ub_ctx* ctx)
return UB_INITFAIL;
if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz))
return UB_INITFAIL;
if(!edns_tags_apply_cfg(ctx->env->edns_tags, cfg))
if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg))
return UB_INITFAIL;
if(!slabhash_is_size(ctx->env->msg_cache, cfg->msg_cache_size,
cfg->msg_cache_slabs)) {

10
libunbound/libunbound.c
View file

@ -154,8 +154,8 @@ static struct ub_ctx* ub_ctx_create_nopipe(void)
errno = ENOMEM;
return NULL;
}
ctx->env->edns_tags = edns_tags_create();
if(!ctx->env->edns_tags) {
ctx->env->edns_strings = edns_strings_create();
if(!ctx->env->edns_strings) {
auth_zones_delete(ctx->env->auth_zones);
edns_known_options_delete(ctx->env);
config_delete(ctx->env->cfg);
@ -186,7 +186,7 @@ ub_ctx_create(void)
config_delete(ctx->env->cfg);
modstack_desetup(&ctx->mods, ctx->env);
edns_known_options_delete(ctx->env);
edns_tags_delete(ctx->env->edns_tags);
edns_strings_delete(ctx->env->edns_strings);
free(ctx->env);
free(ctx);
errno = e;
@ -199,7 +199,7 @@ ub_ctx_create(void)
config_delete(ctx->env->cfg);
modstack_desetup(&ctx->mods, ctx->env);
edns_known_options_delete(ctx->env);
edns_tags_delete(ctx->env->edns_tags);
edns_strings_delete(ctx->env->edns_strings);
free(ctx->env);
free(ctx);
errno = e;
@ -338,7 +338,7 @@ ub_ctx_delete(struct ub_ctx* ctx)
infra_delete(ctx->env->infra_cache);
config_delete(ctx->env->cfg);
edns_known_options_delete(ctx->env);
edns_tags_delete(ctx->env->edns_tags);
edns_strings_delete(ctx->env->edns_strings);
auth_zones_delete(ctx->env->auth_zones);
free(ctx->env);
}

12
services/outside_network.c
View file

@ -2125,18 +2125,18 @@ outnet_serviced_query(struct outside_network* outnet,
{
struct serviced_query* sq;
struct service_callback* cb;
struct edns_tag_addr* client_tag_addr;
struct edns_string_addr* client_string_addr;
if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen,
qstate, qstate->region))
return NULL;
if((client_tag_addr = edns_tag_addr_lookup(&env->edns_tags->client_tags,
addr, addrlen))) {
uint16_t client_tag = htons(client_tag_addr->tag_data);
if((client_string_addr = edns_string_addr_lookup(
&env->edns_strings->client_strings, addr, addrlen))) {
edns_opt_list_append(&qstate->edns_opts_back_out,
env->edns_tags->client_tag_opcode, 2,
(uint8_t*)&client_tag, qstate->region);
env->edns_strings->client_string_opcode,
client_string_addr->string_len,
client_string_addr->string, qstate->region);
}
serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype,

12
testcode/fake_event.c
View file

@ -1214,7 +1214,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
sldns_buffer_flip(pend->buffer);
if(1) {
struct edns_data edns;
struct edns_tag_addr* client_tag_addr;
struct edns_string_addr* client_string_addr;
if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen,
zone, zonelen, qstate, qstate->region)) {
free(pend);
@ -1228,13 +1228,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
edns.bits = 0;
if(dnssec)
edns.bits = EDNS_DO;
if((client_tag_addr = edns_tag_addr_lookup(
&env->edns_tags->client_tags,
if((client_string_addr = edns_string_addr_lookup(
&env->edns_strings->client_strings,
addr, addrlen))) {
uint16_t client_tag = htons(client_tag_addr->tag_data);
edns_opt_list_append(&qstate->edns_opts_back_out,
env->edns_tags->client_tag_opcode, 2,
(uint8_t*)&client_tag, qstate->region);
env->edns_strings->client_string_opcode,
client_string_addr->string_len,
client_string_addr->string, qstate->region);
}
edns.opt_list = qstate->edns_opts_back_out;
attach_edns_record(pend->buffer, &edns);

47
testdata/edns_client_tag.rpl → testdata/edns_client_string.rpl vendored
View file

@ -1,14 +1,14 @@
; config options
server:
edns-client-tag: 10.0.0.0/24 1234
edns-client-tag: 10.0.0.10/32 5678
edns-client-string: 10.0.0.0/24 "abc d"
edns-client-string: 10.0.0.10/32 "123AbC!"
stub-zone:
name: "tag1234."
name: "edns-string-abc."
stub-addr: 10.0.0.1
stub-zone:
name: "tag5678."
name: "edns-string-123."
stub-addr: 10.0.0.10
stub-zone:
@ -17,7 +17,7 @@ stub-zone:
CONFIG_END
SCENARIO_BEGIN Test EDNS client tag option
SCENARIO_BEGIN Test EDNS string tag option
RANGE_BEGIN 0 1000
ADDRESS 10.0.0.1
@ -26,9 +26,9 @@ MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
SECTION ANSWER
tag1234. IN A 10.20.30.40
edns-string-abc. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
@ -40,9 +40,9 @@ MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
SECTION ANSWER
tag5678. IN A 10.20.30.40
edns-string-123. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
@ -65,19 +65,19 @@ STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
ENTRY_END
STEP 20 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 10 ; Opcode 16
00 02 ; Length 2
04 d2 ; 1234
fd e9 ; Opcode 65001
00 05 ; Length 5
61 62 63 20 64 ; "abc d"
HEX_EDNSDATA_END
ENTRY_END
@ -86,28 +86,29 @@ ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
SECTION ANSWER
tag1234. IN A 10.20.30.40
edns-string-abc. IN A 10.20.30.40
ENTRY_END
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
ENTRY_END
STEP 120 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 10 ; Opcode 16
00 02 ; Length 2
16 2e ; 5678
fd e9 ; Opcode 65001
00 07 ; Length 7
31 32 33 41 62 ; "123Ab"
43 21 ; "C!"
HEX_EDNSDATA_END
ENTRY_END
@ -116,9 +117,9 @@ ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
SECTION ANSWER
tag5678. IN A 10.20.30.40
edns-string-123. IN A 10.20.30.40
ENTRY_END
STEP 210 QUERY

153
testdata/edns_client_string_opcode.rpl vendored Normal file
View file

@ -0,0 +1,153 @@
; config options
server:
edns-client-string: 10.0.0.0/24 "abc d"
edns-client-string: 10.0.0.10/32 "123AbC!"
edns-client-string-opcode: 65432
stub-zone:
name: "edns-string-abc."
stub-addr: 10.0.0.1
stub-zone:
name: "edns-string-123."
stub-addr: 10.0.0.10
stub-zone:
name: "notag."
stub-addr: 10.10.0.1
CONFIG_END
SCENARIO_BEGIN Test EDNS string tag option
RANGE_BEGIN 0 1000
ADDRESS 10.0.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
edns-string-abc. IN A
SECTION ANSWER
edns-string-abc. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
RANGE_BEGIN 0 1000
ADDRESS 10.0.0.10
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
edns-string-123. IN A
SECTION ANSWER
edns-string-123. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
RANGE_BEGIN 0 1000
ADDRESS 10.10.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
notag. IN A
SECTION ANSWER
notag. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
edns-string-abc. IN A
ENTRY_END
STEP 20 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
edns-string-abc. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
ff 98 ; Opcode 65432
00 05 ; Length 5
61 62 63 20 64 ; "abc d"
HEX_EDNSDATA_END
ENTRY_END
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
edns-string-abc. IN A
SECTION ANSWER
edns-string-abc. IN A 10.20.30.40
ENTRY_END
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
edns-string-123. IN A
ENTRY_END
STEP 120 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
edns-string-123. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
ff 98 ; Opcode 65432
00 07 ; Length 7
31 32 33 41 62 ; "123Ab"
43 21 ; "C!"
HEX_EDNSDATA_END
ENTRY_END
STEP 130 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
edns-string-123. IN A
SECTION ANSWER
edns-string-123. IN A 10.20.30.40
ENTRY_END
STEP 210 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
notag. IN A
ENTRY_END
STEP 220 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
notag. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
HEX_EDNSDATA_END
ENTRY_END
STEP 230 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
notag. IN A
SECTION ANSWER
notag. IN A 10.20.30.40
ENTRY_END
SCENARIO_END

8
util/config_file.c
View file

@ -323,8 +323,8 @@ config_create(void)
cfg->qname_minimisation_strict = 0;
cfg->shm_enable = 0;
cfg->shm_key = 11777;
cfg->edns_client_tags = NULL;
cfg->edns_client_tag_opcode = LDNS_EDNS_CLIENT_TAG;
cfg->edns_client_strings = NULL;
cfg->edns_client_string_opcode = 65001;
cfg->dnscrypt = 0;
cfg->dnscrypt_port = 0;
cfg->dnscrypt_provider = NULL;
@ -1158,7 +1158,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_LS3(opt, "access-control-tag-action", acl_tag_actions)
else O_LS3(opt, "access-control-tag-data", acl_tag_datas)
else O_LS2(opt, "access-control-view", acl_view)
else O_LS2(opt, "edns-client-tags", edns_client_tags)
else O_LS2(opt, "edns-client-strings", edns_client_strings)
#ifdef USE_IPSECMOD
else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled)
else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus)
@ -1527,7 +1527,7 @@ config_delete(struct config_file* cfg)
config_deldblstrlist(cfg->ratelimit_below_domain);
config_delstrlist(cfg->python_script);
config_delstrlist(cfg->dynlib_file);
config_deldblstrlist(cfg->edns_client_tags);
config_deldblstrlist(cfg->edns_client_strings);
#ifdef USE_IPSECMOD
free(cfg->ipsecmod_hook);
config_delstrlist(cfg->ipsecmod_whitelist);

8
util/config_file.h
View file

@ -568,10 +568,10 @@ struct config_file {
/** SHM data - key for the shm */
int shm_key;
/** list of EDNS client tag entries, linked list */
struct config_str2list* edns_client_tags;
/** EDNS opcode to use for EDNS client tags */
uint16_t edns_client_tag_opcode;
/** list of EDNS client string entries, linked list */
struct config_str2list* edns_client_strings;
/** EDNS opcode to use for EDNS client strings */
uint16_t edns_client_string_opcode;
/** DNSCrypt */
/** true to enable dnscrypt */

2330
util/configlexer.c
View file

File diff suppressed because it is too large Load diff

4
util/configlexer.lex
View file

@ -529,8 +529,8 @@ name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) }
name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) }
udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
edns-client-tag{COLON} { YDVAR(2, VAR_EDNS_CLIENT_TAG) }
edns-client-tag-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_TAG_OPCODE) }
edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) }
edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) }
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
/* Quoted strings. Strip leading and ending quotes */

3932
util/configparser.c
View file

File diff suppressed because it is too large Load diff

627
util/configparser.h
View file

@ -1,8 +1,8 @@
/* A Bison parser, made by GNU Bison 3.4.1. */
/* A Bison parser, made by GNU Bison 3.6.4. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation,
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation,
Inc.
This program is free software: you can redistribute it and/or modify
@ -31,8 +31,9 @@
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Undocumented macros, especially those whose name start with YY_,
are private implementation details. Do not rely on them. */
/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual,
especially those whose name start with YY_ or yy_. They are
private implementation details that can be changed or removed. */
#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
@ -44,314 +45,322 @@
extern int yydebug;
#endif
/* Token type. */
/* Token kinds. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
enum yytokentype
{
SPACE = 258,
LETTER = 259,
NEWLINE = 260,
COMMENT = 261,
COLON = 262,
ANY = 263,
ZONESTR = 264,
STRING_ARG = 265,
VAR_FORCE_TOPLEVEL = 266,
VAR_SERVER = 267,
VAR_VERBOSITY = 268,
VAR_NUM_THREADS = 269,
VAR_PORT = 270,
VAR_OUTGOING_RANGE = 271,
VAR_INTERFACE = 272,
VAR_PREFER_IP4 = 273,
VAR_DO_IP4 = 274,
VAR_DO_IP6 = 275,
VAR_PREFER_IP6 = 276,
VAR_DO_UDP = 277,
VAR_DO_TCP = 278,
VAR_TCP_MSS = 279,
VAR_OUTGOING_TCP_MSS = 280,
VAR_TCP_IDLE_TIMEOUT = 281,
VAR_EDNS_TCP_KEEPALIVE = 282,
VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283,
VAR_CHROOT = 284,
VAR_USERNAME = 285,
VAR_DIRECTORY = 286,
VAR_LOGFILE = 287,
VAR_PIDFILE = 288,
VAR_MSG_CACHE_SIZE = 289,
VAR_MSG_CACHE_SLABS = 290,
VAR_NUM_QUERIES_PER_THREAD = 291,
VAR_RRSET_CACHE_SIZE = 292,
VAR_RRSET_CACHE_SLABS = 293,
VAR_OUTGOING_NUM_TCP = 294,
VAR_INFRA_HOST_TTL = 295,
VAR_INFRA_LAME_TTL = 296,
VAR_INFRA_CACHE_SLABS = 297,
VAR_INFRA_CACHE_NUMHOSTS = 298,
VAR_INFRA_CACHE_LAME_SIZE = 299,
VAR_NAME = 300,
VAR_STUB_ZONE = 301,
VAR_STUB_HOST = 302,
VAR_STUB_ADDR = 303,
VAR_TARGET_FETCH_POLICY = 304,
VAR_HARDEN_SHORT_BUFSIZE = 305,
VAR_HARDEN_LARGE_QUERIES = 306,
VAR_FORWARD_ZONE = 307,
VAR_FORWARD_HOST = 308,
VAR_FORWARD_ADDR = 309,
VAR_DO_NOT_QUERY_ADDRESS = 310,
VAR_HIDE_IDENTITY = 311,
VAR_HIDE_VERSION = 312,
VAR_IDENTITY = 313,
VAR_VERSION = 314,
VAR_HARDEN_GLUE = 315,
VAR_MODULE_CONF = 316,
VAR_TRUST_ANCHOR_FILE = 317,
VAR_TRUST_ANCHOR = 318,
VAR_VAL_OVERRIDE_DATE = 319,
VAR_BOGUS_TTL = 320,
VAR_VAL_CLEAN_ADDITIONAL = 321,
VAR_VAL_PERMISSIVE_MODE = 322,
VAR_INCOMING_NUM_TCP = 323,
VAR_MSG_BUFFER_SIZE = 324,
VAR_KEY_CACHE_SIZE = 325,
VAR_KEY_CACHE_SLABS = 326,
VAR_TRUSTED_KEYS_FILE = 327,
VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328,
VAR_USE_SYSLOG = 329,
VAR_OUTGOING_INTERFACE = 330,
VAR_ROOT_HINTS = 331,
VAR_DO_NOT_QUERY_LOCALHOST = 332,
VAR_CACHE_MAX_TTL = 333,
VAR_HARDEN_DNSSEC_STRIPPED = 334,
VAR_ACCESS_CONTROL = 335,
VAR_LOCAL_ZONE = 336,
VAR_LOCAL_DATA = 337,
VAR_INTERFACE_AUTOMATIC = 338,
VAR_STATISTICS_INTERVAL = 339,
VAR_DO_DAEMONIZE = 340,
VAR_USE_CAPS_FOR_ID = 341,
VAR_STATISTICS_CUMULATIVE = 342,
VAR_OUTGOING_PORT_PERMIT = 343,
VAR_OUTGOING_PORT_AVOID = 344,
VAR_DLV_ANCHOR_FILE = 345,
VAR_DLV_ANCHOR = 346,
VAR_NEG_CACHE_SIZE = 347,
VAR_HARDEN_REFERRAL_PATH = 348,
VAR_PRIVATE_ADDRESS = 349,
VAR_PRIVATE_DOMAIN = 350,
VAR_REMOTE_CONTROL = 351,
VAR_CONTROL_ENABLE = 352,
VAR_CONTROL_INTERFACE = 353,
VAR_CONTROL_PORT = 354,
VAR_SERVER_KEY_FILE = 355,
VAR_SERVER_CERT_FILE = 356,
VAR_CONTROL_KEY_FILE = 357,
VAR_CONTROL_CERT_FILE = 358,
VAR_CONTROL_USE_CERT = 359,
VAR_EXTENDED_STATISTICS = 360,
VAR_LOCAL_DATA_PTR = 361,
VAR_JOSTLE_TIMEOUT = 362,
VAR_STUB_PRIME = 363,
VAR_UNWANTED_REPLY_THRESHOLD = 364,
VAR_LOG_TIME_ASCII = 365,
VAR_DOMAIN_INSECURE = 366,
VAR_PYTHON = 367,
VAR_PYTHON_SCRIPT = 368,
VAR_VAL_SIG_SKEW_MIN = 369,
VAR_VAL_SIG_SKEW_MAX = 370,
VAR_CACHE_MIN_TTL = 371,
VAR_VAL_LOG_LEVEL = 372,
VAR_AUTO_TRUST_ANCHOR_FILE = 373,
VAR_KEEP_MISSING = 374,
VAR_ADD_HOLDDOWN = 375,
VAR_DEL_HOLDDOWN = 376,
VAR_SO_RCVBUF = 377,
VAR_EDNS_BUFFER_SIZE = 378,
VAR_PREFETCH = 379,
VAR_PREFETCH_KEY = 380,
VAR_SO_SNDBUF = 381,
VAR_SO_REUSEPORT = 382,
VAR_HARDEN_BELOW_NXDOMAIN = 383,
VAR_IGNORE_CD_FLAG = 384,
VAR_LOG_QUERIES = 385,
VAR_LOG_REPLIES = 386,
VAR_LOG_LOCAL_ACTIONS = 387,
VAR_TCP_UPSTREAM = 388,
VAR_SSL_UPSTREAM = 389,
VAR_SSL_SERVICE_KEY = 390,
VAR_SSL_SERVICE_PEM = 391,
VAR_SSL_PORT = 392,
VAR_FORWARD_FIRST = 393,
VAR_STUB_SSL_UPSTREAM = 394,
VAR_FORWARD_SSL_UPSTREAM = 395,
VAR_TLS_CERT_BUNDLE = 396,
VAR_HTTPS_PORT = 397,
VAR_HTTP_ENDPOINT = 398,
VAR_HTTP_MAX_STREAMS = 399,
VAR_HTTP_QUERY_BUFFER_SIZE = 400,
VAR_HTTP_RESPONSE_BUFFER_SIZE = 401,
VAR_HTTP_NODELAY = 402,
VAR_HTTP_NOTLS_DOWNSTREAM = 403,
VAR_STUB_FIRST = 404,
VAR_MINIMAL_RESPONSES = 405,
VAR_RRSET_ROUNDROBIN = 406,
VAR_MAX_UDP_SIZE = 407,
VAR_DELAY_CLOSE = 408,
VAR_UDP_CONNECT = 409,
VAR_UNBLOCK_LAN_ZONES = 410,
VAR_INSECURE_LAN_ZONES = 411,
VAR_INFRA_CACHE_MIN_RTT = 412,
VAR_INFRA_KEEP_PROBING = 413,
VAR_DNS64_PREFIX = 414,
VAR_DNS64_SYNTHALL = 415,
VAR_DNS64_IGNORE_AAAA = 416,
VAR_DNSTAP = 417,
VAR_DNSTAP_ENABLE = 418,
VAR_DNSTAP_SOCKET_PATH = 419,
VAR_DNSTAP_IP = 420,
VAR_DNSTAP_TLS = 421,
VAR_DNSTAP_TLS_SERVER_NAME = 422,
VAR_DNSTAP_TLS_CERT_BUNDLE = 423,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425,
VAR_DNSTAP_SEND_IDENTITY = 426,
VAR_DNSTAP_SEND_VERSION = 427,
VAR_DNSTAP_BIDIRECTIONAL = 428,
VAR_DNSTAP_IDENTITY = 429,
VAR_DNSTAP_VERSION = 430,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436,
VAR_RESPONSE_IP_TAG = 437,
VAR_RESPONSE_IP = 438,
VAR_RESPONSE_IP_DATA = 439,
VAR_HARDEN_ALGO_DOWNGRADE = 440,
VAR_IP_TRANSPARENT = 441,
VAR_IP_DSCP = 442,
VAR_DISABLE_DNSSEC_LAME_CHECK = 443,
VAR_IP_RATELIMIT = 444,
VAR_IP_RATELIMIT_SLABS = 445,
VAR_IP_RATELIMIT_SIZE = 446,
VAR_RATELIMIT = 447,
VAR_RATELIMIT_SLABS = 448,
VAR_RATELIMIT_SIZE = 449,
VAR_RATELIMIT_FOR_DOMAIN = 450,
VAR_RATELIMIT_BELOW_DOMAIN = 451,
VAR_IP_RATELIMIT_FACTOR = 452,
VAR_RATELIMIT_FACTOR = 453,
VAR_SEND_CLIENT_SUBNET = 454,
VAR_CLIENT_SUBNET_ZONE = 455,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456,
VAR_CLIENT_SUBNET_OPCODE = 457,
VAR_MAX_CLIENT_SUBNET_IPV4 = 458,
VAR_MAX_CLIENT_SUBNET_IPV6 = 459,
VAR_MIN_CLIENT_SUBNET_IPV4 = 460,
VAR_MIN_CLIENT_SUBNET_IPV6 = 461,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 462,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 463,
VAR_CAPS_WHITELIST = 464,
VAR_CACHE_MAX_NEGATIVE_TTL = 465,
VAR_PERMIT_SMALL_HOLDDOWN = 466,
VAR_QNAME_MINIMISATION = 467,
VAR_QNAME_MINIMISATION_STRICT = 468,
VAR_IP_FREEBIND = 469,
VAR_DEFINE_TAG = 470,
VAR_LOCAL_ZONE_TAG = 471,
VAR_ACCESS_CONTROL_TAG = 472,
VAR_LOCAL_ZONE_OVERRIDE = 473,
VAR_ACCESS_CONTROL_TAG_ACTION = 474,
VAR_ACCESS_CONTROL_TAG_DATA = 475,
VAR_VIEW = 476,
VAR_ACCESS_CONTROL_VIEW = 477,
VAR_VIEW_FIRST = 478,
VAR_SERVE_EXPIRED = 479,
VAR_SERVE_EXPIRED_TTL = 480,
VAR_SERVE_EXPIRED_TTL_RESET = 481,
VAR_SERVE_EXPIRED_REPLY_TTL = 482,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483,
VAR_FAKE_DSA = 484,
VAR_FAKE_SHA1 = 485,
VAR_LOG_IDENTITY = 486,
VAR_HIDE_TRUSTANCHOR = 487,
VAR_TRUST_ANCHOR_SIGNALING = 488,
VAR_AGGRESSIVE_NSEC = 489,
VAR_USE_SYSTEMD = 490,
VAR_SHM_ENABLE = 491,
VAR_SHM_KEY = 492,
VAR_ROOT_KEY_SENTINEL = 493,
VAR_DNSCRYPT = 494,
VAR_DNSCRYPT_ENABLE = 495,
VAR_DNSCRYPT_PORT = 496,
VAR_DNSCRYPT_PROVIDER = 497,
VAR_DNSCRYPT_SECRET_KEY = 498,
VAR_DNSCRYPT_PROVIDER_CERT = 499,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504,
VAR_IPSECMOD_ENABLED = 505,
VAR_IPSECMOD_HOOK = 506,
VAR_IPSECMOD_IGNORE_BOGUS = 507,
VAR_IPSECMOD_MAX_TTL = 508,
VAR_IPSECMOD_WHITELIST = 509,
VAR_IPSECMOD_STRICT = 510,
VAR_CACHEDB = 511,
VAR_CACHEDB_BACKEND = 512,
VAR_CACHEDB_SECRETSEED = 513,
VAR_CACHEDB_REDISHOST = 514,
VAR_CACHEDB_REDISPORT = 515,
VAR_CACHEDB_REDISTIMEOUT = 516,
VAR_CACHEDB_REDISEXPIRERECORDS = 517,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518,
VAR_FOR_UPSTREAM = 519,
VAR_AUTH_ZONE = 520,
VAR_ZONEFILE = 521,
VAR_MASTER = 522,
VAR_URL = 523,
VAR_FOR_DOWNSTREAM = 524,
VAR_FALLBACK_ENABLED = 525,
VAR_TLS_ADDITIONAL_PORT = 526,
VAR_LOW_RTT = 527,
VAR_LOW_RTT_PERMIL = 528,
VAR_FAST_SERVER_PERMIL = 529,
VAR_FAST_SERVER_NUM = 530,
VAR_ALLOW_NOTIFY = 531,
VAR_TLS_WIN_CERT = 532,
VAR_TCP_CONNECTION_LIMIT = 533,
VAR_FORWARD_NO_CACHE = 534,
VAR_STUB_NO_CACHE = 535,
VAR_LOG_SERVFAIL = 536,
VAR_DENY_ANY = 537,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 538,
VAR_LOG_TAG_QUERYREPLY = 539,
VAR_STREAM_WAIT_SIZE = 540,
VAR_TLS_CIPHERS = 541,
VAR_TLS_CIPHERSUITES = 542,
VAR_TLS_USE_SNI = 543,
VAR_IPSET = 544,
VAR_IPSET_NAME_V4 = 545,
VAR_IPSET_NAME_V6 = 546,
VAR_TLS_SESSION_TICKET_KEYS = 547,
VAR_RPZ = 548,
VAR_TAGS = 549,
VAR_RPZ_ACTION_OVERRIDE = 550,
VAR_RPZ_CNAME_OVERRIDE = 551,
VAR_RPZ_LOG = 552,
VAR_RPZ_LOG_NAME = 553,
VAR_DYNLIB = 554,
VAR_DYNLIB_FILE = 555,
VAR_EDNS_CLIENT_TAG = 556,
VAR_EDNS_CLIENT_TAG_OPCODE = 557
YYEMPTY = -2,
YYEOF = 0, /* "end of file" */
YYerror = 256, /* error */
YYUNDEF = 257, /* "invalid token" */
SPACE = 258, /* SPACE */
LETTER = 259, /* LETTER */
NEWLINE = 260, /* NEWLINE */
COMMENT = 261, /* COMMENT */
COLON = 262, /* COLON */
ANY = 263, /* ANY */
ZONESTR = 264, /* ZONESTR */
STRING_ARG = 265, /* STRING_ARG */
VAR_FORCE_TOPLEVEL = 266, /* VAR_FORCE_TOPLEVEL */
VAR_SERVER = 267, /* VAR_SERVER */
VAR_VERBOSITY = 268, /* VAR_VERBOSITY */
VAR_NUM_THREADS = 269, /* VAR_NUM_THREADS */
VAR_PORT = 270, /* VAR_PORT */
VAR_OUTGOING_RANGE = 271, /* VAR_OUTGOING_RANGE */
VAR_INTERFACE = 272, /* VAR_INTERFACE */
VAR_PREFER_IP4 = 273, /* VAR_PREFER_IP4 */
VAR_DO_IP4 = 274, /* VAR_DO_IP4 */
VAR_DO_IP6 = 275, /* VAR_DO_IP6 */
VAR_PREFER_IP6 = 276, /* VAR_PREFER_IP6 */
VAR_DO_UDP = 277, /* VAR_DO_UDP */
VAR_DO_TCP = 278, /* VAR_DO_TCP */
VAR_TCP_MSS = 279, /* VAR_TCP_MSS */
VAR_OUTGOING_TCP_MSS = 280, /* VAR_OUTGOING_TCP_MSS */
VAR_TCP_IDLE_TIMEOUT = 281, /* VAR_TCP_IDLE_TIMEOUT */
VAR_EDNS_TCP_KEEPALIVE = 282, /* VAR_EDNS_TCP_KEEPALIVE */
VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */
VAR_CHROOT = 284, /* VAR_CHROOT */
VAR_USERNAME = 285, /* VAR_USERNAME */
VAR_DIRECTORY = 286, /* VAR_DIRECTORY */
VAR_LOGFILE = 287, /* VAR_LOGFILE */
VAR_PIDFILE = 288, /* VAR_PIDFILE */
VAR_MSG_CACHE_SIZE = 289, /* VAR_MSG_CACHE_SIZE */
VAR_MSG_CACHE_SLABS = 290, /* VAR_MSG_CACHE_SLABS */
VAR_NUM_QUERIES_PER_THREAD = 291, /* VAR_NUM_QUERIES_PER_THREAD */
VAR_RRSET_CACHE_SIZE = 292, /* VAR_RRSET_CACHE_SIZE */
VAR_RRSET_CACHE_SLABS = 293, /* VAR_RRSET_CACHE_SLABS */
VAR_OUTGOING_NUM_TCP = 294, /* VAR_OUTGOING_NUM_TCP */
VAR_INFRA_HOST_TTL = 295, /* VAR_INFRA_HOST_TTL */
VAR_INFRA_LAME_TTL = 296, /* VAR_INFRA_LAME_TTL */
VAR_INFRA_CACHE_SLABS = 297, /* VAR_INFRA_CACHE_SLABS */
VAR_INFRA_CACHE_NUMHOSTS = 298, /* VAR_INFRA_CACHE_NUMHOSTS */
VAR_INFRA_CACHE_LAME_SIZE = 299, /* VAR_INFRA_CACHE_LAME_SIZE */
VAR_NAME = 300, /* VAR_NAME */
VAR_STUB_ZONE = 301, /* VAR_STUB_ZONE */
VAR_STUB_HOST = 302, /* VAR_STUB_HOST */
VAR_STUB_ADDR = 303, /* VAR_STUB_ADDR */
VAR_TARGET_FETCH_POLICY = 304, /* VAR_TARGET_FETCH_POLICY */
VAR_HARDEN_SHORT_BUFSIZE = 305, /* VAR_HARDEN_SHORT_BUFSIZE */
VAR_HARDEN_LARGE_QUERIES = 306, /* VAR_HARDEN_LARGE_QUERIES */
VAR_FORWARD_ZONE = 307, /* VAR_FORWARD_ZONE */
VAR_FORWARD_HOST = 308, /* VAR_FORWARD_HOST */
VAR_FORWARD_ADDR = 309, /* VAR_FORWARD_ADDR */
VAR_DO_NOT_QUERY_ADDRESS = 310, /* VAR_DO_NOT_QUERY_ADDRESS */
VAR_HIDE_IDENTITY = 311, /* VAR_HIDE_IDENTITY */
VAR_HIDE_VERSION = 312, /* VAR_HIDE_VERSION */
VAR_IDENTITY = 313, /* VAR_IDENTITY */
VAR_VERSION = 314, /* VAR_VERSION */
VAR_HARDEN_GLUE = 315, /* VAR_HARDEN_GLUE */
VAR_MODULE_CONF = 316, /* VAR_MODULE_CONF */
VAR_TRUST_ANCHOR_FILE = 317, /* VAR_TRUST_ANCHOR_FILE */
VAR_TRUST_ANCHOR = 318, /* VAR_TRUST_ANCHOR */
VAR_VAL_OVERRIDE_DATE = 319, /* VAR_VAL_OVERRIDE_DATE */
VAR_BOGUS_TTL = 320, /* VAR_BOGUS_TTL */
VAR_VAL_CLEAN_ADDITIONAL = 321, /* VAR_VAL_CLEAN_ADDITIONAL */
VAR_VAL_PERMISSIVE_MODE = 322, /* VAR_VAL_PERMISSIVE_MODE */
VAR_INCOMING_NUM_TCP = 323, /* VAR_INCOMING_NUM_TCP */
VAR_MSG_BUFFER_SIZE = 324, /* VAR_MSG_BUFFER_SIZE */
VAR_KEY_CACHE_SIZE = 325, /* VAR_KEY_CACHE_SIZE */
VAR_KEY_CACHE_SLABS = 326, /* VAR_KEY_CACHE_SLABS */
VAR_TRUSTED_KEYS_FILE = 327, /* VAR_TRUSTED_KEYS_FILE */
VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */
VAR_USE_SYSLOG = 329, /* VAR_USE_SYSLOG */
VAR_OUTGOING_INTERFACE = 330, /* VAR_OUTGOING_INTERFACE */
VAR_ROOT_HINTS = 331, /* VAR_ROOT_HINTS */
VAR_DO_NOT_QUERY_LOCALHOST = 332, /* VAR_DO_NOT_QUERY_LOCALHOST */
VAR_CACHE_MAX_TTL = 333, /* VAR_CACHE_MAX_TTL */
VAR_HARDEN_DNSSEC_STRIPPED = 334, /* VAR_HARDEN_DNSSEC_STRIPPED */
VAR_ACCESS_CONTROL = 335, /* VAR_ACCESS_CONTROL */
VAR_LOCAL_ZONE = 336, /* VAR_LOCAL_ZONE */
VAR_LOCAL_DATA = 337, /* VAR_LOCAL_DATA */
VAR_INTERFACE_AUTOMATIC = 338, /* VAR_INTERFACE_AUTOMATIC */
VAR_STATISTICS_INTERVAL = 339, /* VAR_STATISTICS_INTERVAL */
VAR_DO_DAEMONIZE = 340, /* VAR_DO_DAEMONIZE */
VAR_USE_CAPS_FOR_ID = 341, /* VAR_USE_CAPS_FOR_ID */
VAR_STATISTICS_CUMULATIVE = 342, /* VAR_STATISTICS_CUMULATIVE */
VAR_OUTGOING_PORT_PERMIT = 343, /* VAR_OUTGOING_PORT_PERMIT */
VAR_OUTGOING_PORT_AVOID = 344, /* VAR_OUTGOING_PORT_AVOID */
VAR_DLV_ANCHOR_FILE = 345, /* VAR_DLV_ANCHOR_FILE */
VAR_DLV_ANCHOR = 346, /* VAR_DLV_ANCHOR */
VAR_NEG_CACHE_SIZE = 347, /* VAR_NEG_CACHE_SIZE */
VAR_HARDEN_REFERRAL_PATH = 348, /* VAR_HARDEN_REFERRAL_PATH */
VAR_PRIVATE_ADDRESS = 349, /* VAR_PRIVATE_ADDRESS */
VAR_PRIVATE_DOMAIN = 350, /* VAR_PRIVATE_DOMAIN */
VAR_REMOTE_CONTROL = 351, /* VAR_REMOTE_CONTROL */
VAR_CONTROL_ENABLE = 352, /* VAR_CONTROL_ENABLE */
VAR_CONTROL_INTERFACE = 353, /* VAR_CONTROL_INTERFACE */
VAR_CONTROL_PORT = 354, /* VAR_CONTROL_PORT */
VAR_SERVER_KEY_FILE = 355, /* VAR_SERVER_KEY_FILE */
VAR_SERVER_CERT_FILE = 356, /* VAR_SERVER_CERT_FILE */
VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */
VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */
VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */
VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */
VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */
VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */
VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */
VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */
VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */
VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */
VAR_PYTHON = 367, /* VAR_PYTHON */
VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */
VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */
VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */
VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */
VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */
VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */
VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */
VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */
VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */
VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */
VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */
VAR_PREFETCH = 379, /* VAR_PREFETCH */
VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */
VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */
VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */
VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */
VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */
VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */
VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */
VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */
VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */
VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */
VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */
VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */
VAR_SSL_PORT = 392, /* VAR_SSL_PORT */
VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */
VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */
VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */
VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */
VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */
VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */
VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */
VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */
VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */
VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */
VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */
VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */
VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */
VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */
VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */
VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */
VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */
VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */
VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */
VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 417, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 442, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 447, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */
VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */
VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 476, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_FAKE_DSA = 484, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 485, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 486, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 487, /* VAR_HIDE_TRUSTANCHOR */
VAR_TRUST_ANCHOR_SIGNALING = 488, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 489, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 490, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 491, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 492, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 493, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 494, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 495, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 496, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 497, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 498, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 499, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_IPSECMOD_ENABLED = 505, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 506, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 507, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 508, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 509, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 510, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 511, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 512, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 513, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 514, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 515, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 516, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 517, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 519, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 520, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 521, /* VAR_ZONEFILE */
VAR_MASTER = 522, /* VAR_MASTER */
VAR_URL = 523, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 524, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 525, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 526, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 527, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 528, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 529, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 530, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 531, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 532, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 533, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 534, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 535, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 536, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 537, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 538, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 539, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 540, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 541, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 542, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 543, /* VAR_TLS_USE_SNI */
VAR_IPSET = 544, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 545, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 546, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 547, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 548, /* VAR_RPZ */
VAR_TAGS = 549, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 550, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 551, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 552, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 553, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 554, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 555, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 556, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 557 /* VAR_EDNS_CLIENT_STRING_OPCODE */
};
typedef enum yytokentype yytoken_kind_t;
#endif
/* Tokens. */
/* Token kinds. */
#define YYEOF 0
#define YYerror 256
#define YYUNDEF 257
#define SPACE 258
#define LETTER 259
#define NEWLINE 260
@ -650,8 +659,8 @@ extern int yydebug;
#define VAR_RPZ_LOG_NAME 553
#define VAR_DYNLIB 554
#define VAR_DYNLIB_FILE 555
#define VAR_EDNS_CLIENT_TAG 556
#define VAR_EDNS_CLIENT_TAG_OPCODE 557
#define VAR_EDNS_CLIENT_STRING 556
#define VAR_EDNS_CLIENT_STRING_OPCODE 557
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -661,7 +670,7 @@ union YYSTYPE
char* str;
#line 665 "util/configparser.h"
#line 674 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;

27
util/configparser.y
View file

@ -178,7 +178,8 @@ extern struct config_parser_state* cfg_parser;
%token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
%token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
%token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_TAG VAR_EDNS_CLIENT_TAG_OPCODE
%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
%token VAR_EDNS_CLIENT_STRING_OPCODE
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -291,8 +292,8 @@ content_server: server_num_threads | server_verbosity | server_port |
server_unknown_server_time_limit | server_log_tag_queryreply |
server_stream_wait_size | server_tls_ciphers |
server_tls_ciphersuites | server_tls_session_ticket_keys |
server_tls_use_sni | server_edns_client_tag |
server_edns_client_tag_opcode
server_tls_use_sni | server_edns_client_string |
server_edns_client_string_opcode
;
stubstart: VAR_STUB_ZONE
{
@ -2493,29 +2494,23 @@ server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
#endif
}
;
server_edns_client_tag: VAR_EDNS_CLIENT_TAG STRING_ARG STRING_ARG
server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
{
int tag_data;
OUTYY(("P(server_edns_client_tag:%s %s)\n", $2, $3));
tag_data = atoi($3);
if(tag_data > 65535 || tag_data < 0 ||
(tag_data == 0 && (strlen($3) != 1 || $3[0] != '0')))
yyerror("edns-client-tag data invalid, needs to be a "
"number from 0 to 65535");
OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
if(!cfg_str2list_insert(
&cfg_parser->cfg->edns_client_tags, $2, $3))
&cfg_parser->cfg->edns_client_strings, $2, $3))
fatal_exit("out of memory adding "
"edns-client-tag");
"edns-client-string");
}
;
server_edns_client_tag_opcode: VAR_EDNS_CLIENT_TAG_OPCODE STRING_ARG
server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
{
OUTYY(("P(edns_client_tag_opcode:%s)\n", $2));
OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("option code expected");
else if(atoi($2) > 65535 || atoi($2) < 0)
yyerror("option code must be in interval [0, 65535]");
else cfg_parser->cfg->edns_client_tag_opcode = atoi($2);
else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
}
;

73
util/edns.c
View file

@ -48,81 +48,84 @@
#include "util/data/msgparse.h"
#include "util/data/msgreply.h"
struct edns_tags* edns_tags_create(void)
struct edns_strings* edns_strings_create(void)
{
struct edns_tags* edns_tags = calloc(1, sizeof(struct edns_tags));
if(!edns_tags)
struct edns_strings* edns_strings = calloc(1,
sizeof(struct edns_strings));
if(!edns_strings)
return NULL;
if(!(edns_tags->region = regional_create())) {
edns_tags_delete(edns_tags);
if(!(edns_strings->region = regional_create())) {
edns_strings_delete(edns_strings);
return NULL;
}
return edns_tags;
return edns_strings;
}
void edns_tags_delete(struct edns_tags* edns_tags)
void edns_strings_delete(struct edns_strings* edns_strings)
{
if(!edns_tags)
if(!edns_strings)
return;
regional_destroy(edns_tags->region);
free(edns_tags);
regional_destroy(edns_strings->region);
free(edns_strings);
}
static int
edns_tags_client_insert(struct edns_tags* edns_tags,
edns_strings_client_insert(struct edns_strings* edns_strings,
struct sockaddr_storage* addr, socklen_t addrlen, int net,
uint16_t tag_data)
const char* string)
{
struct edns_tag_addr* eta = regional_alloc_zero(edns_tags->region,
sizeof(struct edns_tag_addr));
if(!eta)
struct edns_string_addr* esa = regional_alloc_zero(edns_strings->region,
sizeof(struct edns_string_addr));
if(!esa)
return 0;
eta->tag_data = tag_data;
if(!addr_tree_insert(&edns_tags->client_tags, &eta->node, addr, addrlen,
net)) {
verbose(VERB_QUERY, "duplicate EDNS client tag ignored.");
esa->string_len = strlen(string);
esa->string = regional_alloc_init(edns_strings->region, string,
esa->string_len);
if(!esa->string)
return 0;
if(!addr_tree_insert(&edns_strings->client_strings, &esa->node, addr,
addrlen, net)) {
verbose(VERB_QUERY, "duplicate EDNS client string ignored.");
}
return 1;
}
int edns_tags_apply_cfg(struct edns_tags* edns_tags,
int edns_strings_apply_cfg(struct edns_strings* edns_strings,
struct config_file* config)
{
struct config_str2list* c;
regional_free_all(edns_tags->region);
addr_tree_init(&edns_tags->client_tags);
regional_free_all(edns_strings->region);
addr_tree_init(&edns_strings->client_strings);
for(c=config->edns_client_tags; c; c=c->next) {
for(c=config->edns_client_strings; c; c=c->next) {
struct sockaddr_storage addr;
socklen_t addrlen;
int net;
uint16_t tag_data;
log_assert(c->str && c->str2);
if(!netblockstrtoaddr(c->str, UNBOUND_DNS_PORT, &addr, &addrlen,
&net)) {
log_err("cannot parse EDNS client tag IP netblock: %s",
c->str);
log_err("cannot parse EDNS client string IP netblock: "
"%s", c->str);
return 0;
}
tag_data = atoi(c->str2); /* validated in config parser */
if(!edns_tags_client_insert(edns_tags, &addr, addrlen, net,
tag_data)) {
log_err("out of memory while adding EDNS tags");
if(!edns_strings_client_insert(edns_strings, &addr, addrlen,
net, c->str2)) {
log_err("out of memory while adding EDNS strings");
return 0;
}
}
edns_tags->client_tag_opcode = config->edns_client_tag_opcode;
edns_strings->client_string_opcode = config->edns_client_string_opcode;
addr_tree_init_parents(&edns_tags->client_tags);
addr_tree_init_parents(&edns_strings->client_strings);
return 1;
}
struct edns_tag_addr*
edns_tag_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
struct edns_string_addr*
edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
socklen_t addrlen)
{
return (struct edns_tag_addr*)addr_tree_lookup(tree, addr, addrlen);
return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen);
}
static int edns_keepalive(struct edns_data* edns_out, struct edns_data* edns_in,

52
util/edns.h
View file

@ -50,58 +50,60 @@ struct comm_point;
struct regional;
/**
* Structure containing all EDNS tags.
* Structure containing all EDNS strings.
*/
struct edns_tags {
/** Tree of EDNS client tags to use in upstream queries, per address
* prefix. Contains nodes of type edns_tag_addr. */
rbtree_type client_tags;
/** EDNS opcode to use for client tags */
uint16_t client_tag_opcode;
struct edns_strings {
/** Tree of EDNS client strings to use in upstream queries, per address
* prefix. Contains nodes of type edns_string_addr. */
rbtree_type client_strings;
/** EDNS opcode to use for client strings */
uint16_t client_string_opcode;
/** region to allocate tree nodes in */
struct regional* region;
};
/**
* EDNS tag. Node of rbtree, containing tag and prefix.
* EDNS string. Node of rbtree, containing string and prefix.
*/
struct edns_tag_addr {
struct edns_string_addr {
/** node in address tree, used for tree lookups. Need to be the first
* member of this struct. */
struct addr_tree_node node;
/** tag data, in host byte ordering */
uint16_t tag_data;
/** string, ascii format */
uint8_t* string;
/** length of string */
size_t string_len;
};
/**
* Create structure to hold EDNS tags
* @return: newly created edns_tags, NULL on alloc failure.
* Create structure to hold EDNS strings
* @return: newly created edns_strings, NULL on alloc failure.
*/
struct edns_tags* edns_tags_create(void);
struct edns_strings* edns_strings_create(void);
/** Delete EDNS tags structure
* @param edns_tags: struct to delete
/** Delete EDNS strings structure
* @param edns_strings: struct to delete
*/
void edns_tags_delete(struct edns_tags* edns_tags);
void edns_strings_delete(struct edns_strings* edns_strings);
/**
* Add configured EDNS tags
* @param edns_tags: edns tags to apply config to
* @param config: struct containing EDNS tags configuration
* Add configured EDNS strings
* @param edns_strings: edns strings to apply config to
* @param config: struct containing EDNS strings configuration
* @return 0 on error
*/
int edns_tags_apply_cfg(struct edns_tags* edns_tags,
int edns_strings_apply_cfg(struct edns_strings* edns_strings,
struct config_file* config);
/**
* Find tag for address.
* @param tree: tree containing EDNS tags per address prefix.
* Find string for address.
* @param tree: tree containing EDNS strings per address prefix.
* @param addr: address to use for tree lookup
* @param addrlen: length of address
* @return: matching tree node, NULL otherwise
*/
struct edns_tag_addr*
edns_tag_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
struct edns_string_addr*
edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
socklen_t addrlen);
/**

4
util/module.h
View file

@ -520,8 +520,8 @@ struct module_env {
struct edns_known_option* edns_known_options;
/* Number of known edns options */
size_t edns_known_options_num;
/** EDNS client tag information */
struct edns_tags* edns_tags;
/** EDNS client string information */
struct edns_strings* edns_strings;
/* Make every mesh state unique, do not aggregate mesh states. */
int unique_mesh;