3 * configlexer.lex - lexical analyzer for unbound config file
5 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved
7 * See LICENSE for the license.
12 /* because flex keeps having sign-unsigned compare problems that are unfixed*/
13 #if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2))))
14 #pragma GCC diagnostic ignored "-Wsign-compare"
23 #include "util/config_file.h"
24 #include "configparser.h"
25 void ub_c_error(const char *message);
28 #define LEXOUT(s) printf s /* used ONLY when debugging */
33 /** avoid warning in about fwrite return value */
34 #define ECHO ub_c_error_msg("syntax error at text: %s", ub_c_text)
36 /** A parser variable, this is a statement in the config file which is
37 * of the form variable: value1 value2 ... nargs is the number of values. */
38 #define YDVAR(nargs, var) \
40 LEXOUT(("v(%s%d) ", ub_c_text, num_args)); \
41 if(num_args > 0) { BEGIN(val); } \
47 YY_BUFFER_STATE buffer;
48 struct inc_state* next;
51 static struct inc_state* config_include_stack = NULL;
52 static int inc_depth = 0;
53 static int inc_prev = 0;
54 static int num_args = 0;
55 static int inc_toplevel = 0;
57 void init_cfg_parse(void)
59 config_include_stack = NULL;
66 static void config_start_include(const char* filename, int toplevel)
71 if(inc_depth+1 > 100000) {
72 ub_c_error_msg("too many include files");
75 if(*filename == '\0') {
76 ub_c_error_msg("empty include file name");
79 s = (struct inc_state*)malloc(sizeof(*s));
81 ub_c_error_msg("include %s: malloc failure", filename);
84 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot,
85 strlen(cfg_parser->chroot)) == 0) {
86 filename += strlen(cfg_parser->chroot);
88 nm = strdup(filename);
90 ub_c_error_msg("include %s: strdup failure", filename);
94 input = fopen(filename, "r");
96 ub_c_error_msg("cannot open include file '%s': %s",
97 filename, strerror(errno));
102 LEXOUT(("switch_to_include_file(%s)\n", filename));
104 s->filename = cfg_parser->filename;
105 s->line = cfg_parser->line;
106 s->buffer = YY_CURRENT_BUFFER;
107 s->inc_toplevel = inc_toplevel;
108 s->next = config_include_stack;
109 config_include_stack = s;
110 cfg_parser->filename = nm;
111 cfg_parser->line = 1;
112 inc_toplevel = toplevel;
113 yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE));
116 static void config_start_include_glob(const char* filename, int toplevel)
119 /* check for wildcards */
123 if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') &&
124 !strchr(filename, '{') && !strchr(filename, '~'))) {
129 /* do not set GLOB_NOSORT so the results are sorted
130 and in a predictable order. */
138 memset(&g, 0, sizeof(g));
139 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot,
140 strlen(cfg_parser->chroot)) == 0) {
141 filename += strlen(cfg_parser->chroot);
143 r = glob(filename, flags, NULL, &g);
147 if(r == GLOB_NOMATCH)
148 return; /* no matches for pattern */
149 config_start_include(filename, toplevel); /* let original deal with it */
152 /* process files found, if any */
153 for(i=(int)g.gl_pathc-1; i>=0; i--) {
154 config_start_include(g.gl_pathv[i], toplevel);
159 #endif /* HAVE_GLOB */
161 config_start_include(filename, toplevel);
164 static void config_end_include(void)
166 struct inc_state* s = config_include_stack;
169 free(cfg_parser->filename);
170 cfg_parser->filename = s->filename;
171 cfg_parser->line = s->line;
172 yy_delete_buffer(YY_CURRENT_BUFFER);
173 yy_switch_to_buffer(s->buffer);
174 config_include_stack = s->next;
175 inc_toplevel = s->inc_toplevel;
179 #ifndef yy_set_bol /* compat definition, for flex 2.4.6 */
180 #define yy_set_bol(at_bol) \
182 if ( ! yy_current_buffer ) \
183 yy_current_buffer = yy_create_buffer( ub_c_in, YY_BUF_SIZE ); \
184 yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \
193 #define YY_NO_UNPUT 1
196 #define YY_NO_INPUT 1
202 UNQUOTEDLETTER [^\'\"\n\r \t\\]|\\.
203 UNQUOTEDLETTER_NOCOLON [^\:\'\"\n\r \t\\]|\\.
207 DQANY [^\"\n\r\\]|\\.
208 SQANY [^\'\n\r\\]|\\.
210 %x quotedstring singlequotedstr include include_quoted val include_toplevel include_toplevel_quoted
213 <INITIAL,val>{SPACE}* {
214 LEXOUT(("SP ")); /* ignore */ }
215 <INITIAL,val>{SPACE}*{COMMENT}.* {
216 /* note that flex makes the longest match and '.' is any but not nl */
217 LEXOUT(("comment(%s) ", ub_c_text)); /* ignore */ }
218 server{COLON} { YDVAR(0, VAR_SERVER) }
219 qname-minimisation{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION) }
220 qname-minimisation-strict{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) }
221 num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) }
222 verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) }
223 port{COLON} { YDVAR(1, VAR_PORT) }
224 outgoing-range{COLON} { YDVAR(1, VAR_OUTGOING_RANGE) }
225 outgoing-port-permit{COLON} { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) }
226 outgoing-port-avoid{COLON} { YDVAR(1, VAR_OUTGOING_PORT_AVOID) }
227 outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) }
228 incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) }
229 do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) }
230 do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) }
231 do-nat64{COLON} { YDVAR(1, VAR_DO_NAT64) }
232 prefer-ip4{COLON} { YDVAR(1, VAR_PREFER_IP4) }
233 prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) }
234 do-udp{COLON} { YDVAR(1, VAR_DO_UDP) }
235 do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) }
236 tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) }
237 tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) }
238 outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) }
239 tcp-idle-timeout{COLON} { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) }
240 max-reuse-tcp-queries{COLON} { YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) }
241 tcp-reuse-timeout{COLON} { YDVAR(1, VAR_TCP_REUSE_TIMEOUT) }
242 tcp-auth-query-timeout{COLON} { YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) }
243 edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) }
244 edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) }
245 sock-queue-timeout{COLON} { YDVAR(1, VAR_SOCK_QUEUE_TIMEOUT) }
246 ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) }
247 tls-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) }
248 ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) }
249 tls-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) }
250 ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) }
251 tls-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) }
252 ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) }
253 tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) }
254 ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
255 tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
256 tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) }
257 tls-system-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) }
258 additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
259 additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
260 tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
261 tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
262 tls-session-ticket-keys{COLON} { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) }
263 tls-ciphers{COLON} { YDVAR(1, VAR_TLS_CIPHERS) }
264 tls-ciphersuites{COLON} { YDVAR(1, VAR_TLS_CIPHERSUITES) }
265 tls-use-sni{COLON} { YDVAR(1, VAR_TLS_USE_SNI) }
266 https-port{COLON} { YDVAR(1, VAR_HTTPS_PORT) }
267 http-endpoint{COLON} { YDVAR(1, VAR_HTTP_ENDPOINT) }
268 http-max-streams{COLON} { YDVAR(1, VAR_HTTP_MAX_STREAMS) }
269 http-query-buffer-size{COLON} { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) }
270 http-response-buffer-size{COLON} { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) }
271 http-nodelay{COLON} { YDVAR(1, VAR_HTTP_NODELAY) }
272 http-notls-downstream{COLON} { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) }
273 use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
274 do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
275 interface{COLON} { YDVAR(1, VAR_INTERFACE) }
276 ip-address{COLON} { YDVAR(1, VAR_INTERFACE) }
277 outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) }
278 interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) }
279 interface-automatic-ports{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC_PORTS) }
280 so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) }
281 so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) }
282 so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) }
283 ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) }
284 ip-freebind{COLON} { YDVAR(1, VAR_IP_FREEBIND) }
285 ip-dscp{COLON} { YDVAR(1, VAR_IP_DSCP) }
286 chroot{COLON} { YDVAR(1, VAR_CHROOT) }
287 username{COLON} { YDVAR(1, VAR_USERNAME) }
288 directory{COLON} { YDVAR(1, VAR_DIRECTORY) }
289 logfile{COLON} { YDVAR(1, VAR_LOGFILE) }
290 pidfile{COLON} { YDVAR(1, VAR_PIDFILE) }
291 root-hints{COLON} { YDVAR(1, VAR_ROOT_HINTS) }
292 stream-wait-size{COLON} { YDVAR(1, VAR_STREAM_WAIT_SIZE) }
293 edns-buffer-size{COLON} { YDVAR(1, VAR_EDNS_BUFFER_SIZE) }
294 msg-buffer-size{COLON} { YDVAR(1, VAR_MSG_BUFFER_SIZE) }
295 msg-cache-size{COLON} { YDVAR(1, VAR_MSG_CACHE_SIZE) }
296 msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) }
297 rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) }
298 rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) }
299 cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) }
300 cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) }
301 cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) }
302 infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) }
303 infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) }
304 infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
305 infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
306 infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
307 infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
308 infra-cache-max-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MAX_RTT) }
309 infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
310 num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
311 jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
312 delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }
313 udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) }
314 target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) }
315 harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
316 harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
317 harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) }
318 harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) }
319 harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) }
320 harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) }
321 harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) }
322 harden-unknown-additional{COLON} { YDVAR(1, VAR_HARDEN_UNKNOWN_ADDITIONAL) }
323 use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) }
324 caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) }
325 caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) }
326 unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
327 private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) }
328 private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) }
329 prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) }
330 prefetch{COLON} { YDVAR(1, VAR_PREFETCH) }
331 deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) }
332 stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) }
333 name{COLON} { YDVAR(1, VAR_NAME) }
334 stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) }
335 stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) }
336 stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) }
337 stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) }
338 stub-no-cache{COLON} { YDVAR(1, VAR_STUB_NO_CACHE) }
339 stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) }
340 stub-tls-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) }
341 stub-tcp-upstream{COLON} { YDVAR(1, VAR_STUB_TCP_UPSTREAM) }
342 forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) }
343 forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) }
344 forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) }
345 forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) }
346 forward-no-cache{COLON} { YDVAR(1, VAR_FORWARD_NO_CACHE) }
347 forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) }
348 forward-tls-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) }
349 forward-tcp-upstream{COLON} { YDVAR(1, VAR_FORWARD_TCP_UPSTREAM) }
350 auth-zone{COLON} { YDVAR(0, VAR_AUTH_ZONE) }
351 rpz{COLON} { YDVAR(0, VAR_RPZ) }
352 tags{COLON} { YDVAR(1, VAR_TAGS) }
353 rpz-action-override{COLON} { YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) }
354 rpz-cname-override{COLON} { YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) }
355 rpz-log{COLON} { YDVAR(1, VAR_RPZ_LOG) }
356 rpz-log-name{COLON} { YDVAR(1, VAR_RPZ_LOG_NAME) }
357 rpz-signal-nxdomain-ra{COLON} { YDVAR(1, VAR_RPZ_SIGNAL_NXDOMAIN_RA) }
358 zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) }
359 master{COLON} { YDVAR(1, VAR_MASTER) }
360 primary{COLON} { YDVAR(1, VAR_MASTER) }
361 url{COLON} { YDVAR(1, VAR_URL) }
362 allow-notify{COLON} { YDVAR(1, VAR_ALLOW_NOTIFY) }
363 for-downstream{COLON} { YDVAR(1, VAR_FOR_DOWNSTREAM) }
364 for-upstream{COLON} { YDVAR(1, VAR_FOR_UPSTREAM) }
365 fallback-enabled{COLON} { YDVAR(1, VAR_FALLBACK_ENABLED) }
366 view{COLON} { YDVAR(0, VAR_VIEW) }
367 view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) }
368 do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) }
369 do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) }
370 access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) }
371 interface-action{COLON} { YDVAR(2, VAR_INTERFACE_ACTION) }
372 send-client-subnet{COLON} { YDVAR(1, VAR_SEND_CLIENT_SUBNET) }
373 client-subnet-zone{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) }
374 client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) }
375 client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) }
376 max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) }
377 max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) }
378 min-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) }
379 min-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) }
380 max-ecs-tree-size-ipv4{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) }
381 max-ecs-tree-size-ipv6{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) }
382 hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
383 hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
384 hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
385 hide-http-user-agent{COLON} { YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) }
386 identity{COLON} { YDVAR(1, VAR_IDENTITY) }
387 version{COLON} { YDVAR(1, VAR_VERSION) }
388 http-user-agent{COLON} { YDVAR(1, VAR_HTTP_USER_AGENT) }
389 module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) }
390 dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) }
391 dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) }
392 trust-anchor-file{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_FILE) }
393 auto-trust-anchor-file{COLON} { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) }
394 trusted-keys-file{COLON} { YDVAR(1, VAR_TRUSTED_KEYS_FILE) }
395 trust-anchor{COLON} { YDVAR(1, VAR_TRUST_ANCHOR) }
396 trust-anchor-signaling{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) }
397 root-key-sentinel{COLON} { YDVAR(1, VAR_ROOT_KEY_SENTINEL) }
398 val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) }
399 val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) }
400 val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) }
401 val-max-restart{COLON} { YDVAR(1, VAR_VAL_MAX_RESTART) }
402 val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) }
403 val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) }
404 val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) }
405 aggressive-nsec{COLON} { YDVAR(1, VAR_AGGRESSIVE_NSEC) }
406 ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) }
407 serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) }
408 serve-expired-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL) }
409 serve-expired-ttl-reset{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) }
410 serve-expired-reply-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) }
411 serve-expired-client-timeout{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) }
412 ede-serve-expired{COLON} { YDVAR(1, VAR_EDE_SERVE_EXPIRED) }
413 serve-original-ttl{COLON} { YDVAR(1, VAR_SERVE_ORIGINAL_TTL) }
414 fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) }
415 fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) }
416 val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) }
417 key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) }
418 key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) }
419 neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) }
420 val-nsec3-keysize-iterations{COLON} {
421 YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) }
422 zonemd-permissive-mode{COLON} { YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) }
423 zonemd-check{COLON} { YDVAR(1, VAR_ZONEMD_CHECK) }
424 zonemd-reject-absence{COLON} { YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) }
425 add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) }
426 del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) }
427 keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) }
428 permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) }
429 use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) }
430 log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) }
431 log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) }
432 log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) }
433 log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) }
434 log-tag-queryreply{COLON} { YDVAR(1, VAR_LOG_TAG_QUERYREPLY) }
435 log-local-actions{COLON} { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) }
436 log-servfail{COLON} { YDVAR(1, VAR_LOG_SERVFAIL) }
437 local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) }
438 local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) }
439 local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) }
440 unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) }
441 insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) }
442 statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
443 statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
444 extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
445 statistics-inhibit-zero{COLON} { YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) }
446 shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) }
447 shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) }
448 remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
449 control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) }
450 control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) }
451 control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) }
452 control-use-cert{COLON} { YDVAR(1, VAR_CONTROL_USE_CERT) }
453 server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) }
454 server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) }
455 control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) }
456 control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) }
457 python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) }
458 python{COLON} { YDVAR(0, VAR_PYTHON) }
459 dynlib-file{COLON} { YDVAR(1, VAR_DYNLIB_FILE) }
460 dynlib{COLON} { YDVAR(0, VAR_DYNLIB) }
461 domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) }
462 minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) }
463 rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) }
464 unknown-server-time-limit{COLON} { YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) }
465 max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) }
466 dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) }
467 dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) }
468 dns64-ignore-aaaa{COLON} { YDVAR(1, VAR_DNS64_IGNORE_AAAA) }
469 nat64-prefix{COLON} { YDVAR(1, VAR_NAT64_PREFIX) }
470 define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) }
471 local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) }
472 access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) }
473 access-control-tag-action{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) }
474 access-control-tag-data{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) }
475 access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) }
476 interface-tag{COLON} { YDVAR(2, VAR_INTERFACE_TAG) }
477 interface-tag-action{COLON} { YDVAR(3, VAR_INTERFACE_TAG_ACTION) }
478 interface-tag-data{COLON} { YDVAR(3, VAR_INTERFACE_TAG_DATA) }
479 interface-view{COLON} { YDVAR(2, VAR_INTERFACE_VIEW) }
480 local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) }
481 dnstap{COLON} { YDVAR(0, VAR_DNSTAP) }
482 dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) }
483 dnstap-bidirectional{COLON} { YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) }
484 dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) }
485 dnstap-ip{COLON} { YDVAR(1, VAR_DNSTAP_IP) }
486 dnstap-tls{COLON} { YDVAR(1, VAR_DNSTAP_TLS) }
487 dnstap-tls-server-name{COLON} { YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) }
488 dnstap-tls-cert-bundle{COLON} { YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) }
489 dnstap-tls-client-key-file{COLON} {
490 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) }
491 dnstap-tls-client-cert-file{COLON} {
492 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) }
493 dnstap-send-identity{COLON} { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) }
494 dnstap-send-version{COLON} { YDVAR(1, VAR_DNSTAP_SEND_VERSION) }
495 dnstap-identity{COLON} { YDVAR(1, VAR_DNSTAP_IDENTITY) }
496 dnstap-version{COLON} { YDVAR(1, VAR_DNSTAP_VERSION) }
497 dnstap-log-resolver-query-messages{COLON} {
498 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) }
499 dnstap-log-resolver-response-messages{COLON} {
500 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) }
501 dnstap-log-client-query-messages{COLON} {
502 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) }
503 dnstap-log-client-response-messages{COLON} {
504 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) }
505 dnstap-log-forwarder-query-messages{COLON} {
506 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
507 dnstap-log-forwarder-response-messages{COLON} {
508 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
509 disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) }
510 ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) }
511 ip-ratelimit-cookie{COLON} { YDVAR(1, VAR_IP_RATELIMIT_COOKIE) }
512 ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
513 ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) }
514 ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) }
515 ip-ratelimit-size{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SIZE) }
516 ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) }
517 ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) }
518 ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) }
519 ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) }
520 ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
521 ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
522 ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
523 outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
524 max-sent-count{COLON} { YDVAR(1, VAR_MAX_SENT_COUNT) }
525 max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) }
526 low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
527 fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
528 low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
529 low-rtt-permil{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
530 fast-server-permil{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
531 response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) }
532 response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) }
533 response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) }
534 dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) }
535 dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) }
536 dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) }
537 dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) }
538 dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) }
539 dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) }
540 dnscrypt-provider-cert-rotated{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) }
541 dnscrypt-shared-secret-cache-size{COLON} {
542 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) }
543 dnscrypt-shared-secret-cache-slabs{COLON} {
544 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) }
545 dnscrypt-nonce-cache-size{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) }
546 dnscrypt-nonce-cache-slabs{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) }
547 pad-responses{COLON} { YDVAR(1, VAR_PAD_RESPONSES) }
548 pad-responses-block-size{COLON} { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) }
549 pad-queries{COLON} { YDVAR(1, VAR_PAD_QUERIES) }
550 pad-queries-block-size{COLON} { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) }
551 ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) }
552 ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) }
553 ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) }
554 ipsecmod-max-ttl{COLON} { YDVAR(1, VAR_IPSECMOD_MAX_TTL) }
555 ipsecmod-whitelist{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) }
556 ipsecmod-allow{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) }
557 ipsecmod-strict{COLON} { YDVAR(1, VAR_IPSECMOD_STRICT) }
558 cachedb{COLON} { YDVAR(0, VAR_CACHEDB) }
559 backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) }
560 secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) }
561 redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) }
562 redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) }
563 redis-server-path{COLON} { YDVAR(1, VAR_CACHEDB_REDISPATH) }
564 redis-server-password{COLON} { YDVAR(1, VAR_CACHEDB_REDISPASSWORD) }
565 redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) }
566 redis-expire-records{COLON} { YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) }
567 ipset{COLON} { YDVAR(0, VAR_IPSET) }
568 name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) }
569 name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) }
570 udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
571 tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
572 answer-cookie{COLON} { YDVAR(1, VAR_ANSWER_COOKIE ) }
573 cookie-secret{COLON} { YDVAR(1, VAR_COOKIE_SECRET) }
574 edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) }
575 edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) }
576 nsid{COLON} { YDVAR(1, VAR_NSID ) }
577 ede{COLON} { YDVAR(1, VAR_EDE ) }
578 proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) }
579 <INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
581 /* Quoted strings. Strip leading and ending quotes */
582 <val>\" { BEGIN(quotedstring); LEXOUT(("QS ")); }
583 <quotedstring><<EOF>> {
584 ub_c_error("EOF inside quoted string");
585 if(--num_args == 0) { BEGIN(INITIAL); }
588 <quotedstring>{DQANY}* { LEXOUT(("STR(%s) ", ub_c_text)); yymore(); }
589 <quotedstring>{NEWLINE} { ub_c_error("newline inside quoted string, no end \"");
590 cfg_parser->line++; BEGIN(INITIAL); }
593 if(--num_args == 0) { BEGIN(INITIAL); }
595 ub_c_text[ub_c_leng - 1] = '\0';
596 ub_c_lval.str = strdup(ub_c_text);
598 ub_c_error("out of memory");
602 /* Single Quoted strings. Strip leading and ending quotes */
603 <val>\' { BEGIN(singlequotedstr); LEXOUT(("SQS ")); }
604 <singlequotedstr><<EOF>> {
605 ub_c_error("EOF inside quoted string");
606 if(--num_args == 0) { BEGIN(INITIAL); }
609 <singlequotedstr>{SQANY}* { LEXOUT(("STR(%s) ", ub_c_text)); yymore(); }
610 <singlequotedstr>{NEWLINE} { ub_c_error("newline inside quoted string, no end '");
611 cfg_parser->line++; BEGIN(INITIAL); }
612 <singlequotedstr>\' {
614 if(--num_args == 0) { BEGIN(INITIAL); }
616 ub_c_text[ub_c_leng - 1] = '\0';
617 ub_c_lval.str = strdup(ub_c_text);
619 ub_c_error("out of memory");
623 /* include: directive */
624 <INITIAL,val>include{COLON} {
625 LEXOUT(("v(%s) ", ub_c_text)); inc_prev = YYSTATE; BEGIN(include); }
627 ub_c_error("EOF inside include directive");
630 <include>{SPACE}* { LEXOUT(("ISP ")); /* ignore */ }
631 <include>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;}
632 <include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); }
633 <include>{UNQUOTEDLETTER}* {
634 LEXOUT(("Iunquotedstr(%s) ", ub_c_text));
635 config_start_include_glob(ub_c_text, 0);
638 <include_quoted><<EOF>> {
639 ub_c_error("EOF inside quoted string");
642 <include_quoted>{DQANY}* { LEXOUT(("ISTR(%s) ", ub_c_text)); yymore(); }
643 <include_quoted>{NEWLINE} { ub_c_error("newline before \" in include name");
644 cfg_parser->line++; BEGIN(inc_prev); }
647 ub_c_text[ub_c_leng - 1] = '\0';
648 config_start_include_glob(ub_c_text,0);
651 <INITIAL,val><<EOF>> {
653 yy_set_bol(1); /* Set beginning of line, so "^" rules match. */
654 if (!config_include_stack) {
658 int prev_toplevel = inc_toplevel;
660 config_end_include();
661 if(prev_toplevel) return (VAR_FORCE_TOPLEVEL);
665 /* include-toplevel: directive */
666 <INITIAL,val>include-toplevel{COLON} {
667 LEXOUT(("v(%s) ", ub_c_text)); inc_prev = YYSTATE; BEGIN(include_toplevel);
669 <include_toplevel><<EOF>> {
670 ub_c_error("EOF inside include_toplevel directive");
673 <include_toplevel>{SPACE}* { LEXOUT(("ITSP ")); /* ignore */ }
674 <include_toplevel>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
675 <include_toplevel>\" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); }
676 <include_toplevel>{UNQUOTEDLETTER}* {
677 LEXOUT(("ITunquotedstr(%s) ", ub_c_text));
678 config_start_include_glob(ub_c_text, 1);
680 return (VAR_FORCE_TOPLEVEL);
682 <include_toplevel_quoted><<EOF>> {
683 ub_c_error("EOF inside quoted string");
686 <include_toplevel_quoted>{DQANY}* { LEXOUT(("ITSTR(%s) ", ub_c_text)); yymore(); }
687 <include_toplevel_quoted>{NEWLINE} {
688 ub_c_error("newline before \" in include name");
689 cfg_parser->line++; BEGIN(inc_prev);
691 <include_toplevel_quoted>\" {
693 ub_c_text[yyleng - 1] = '\0';
694 config_start_include_glob(ub_c_text, 1);
696 return (VAR_FORCE_TOPLEVEL);
699 <val>{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", ub_c_text));
700 if(--num_args == 0) { BEGIN(INITIAL); }
701 ub_c_lval.str = strdup(ub_c_text); return STRING_ARG; }
703 {UNQUOTEDLETTER_NOCOLON}* {
704 ub_c_error_msg("unknown keyword '%s'", ub_c_text);
708 ub_c_error_msg("stray '%s'", ub_c_text);