contrib/unbound/util/configparser.y

   1 /*
   2  * configparser.y -- yacc grammar for unbound configuration files
   3  *
   4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
   5  *
   6  * Copyright (c) 2007, NLnet Labs. All rights reserved.
   7  *
   8  * This software is open source.
   9  *
  10  * Redistribution and use in source and binary forms, with or without
  11  * modification, are permitted provided that the following conditions
  12  * are met:
  13  *
  14  * Redistributions of source code must retain the above copyright notice,
  15  * this list of conditions and the following disclaimer.
  16  *
  17  * Redistributions in binary form must reproduce the above copyright notice,
  18  * this list of conditions and the following disclaimer in the documentation
  19  * and/or other materials provided with the distribution.
  20  *
  21  * Neither the name of the NLNET LABS nor the names of its contributors may
  22  * be used to endorse or promote products derived from this software without
  23  * specific prior written permission.
  24  *
  25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  29  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
  31  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  32  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  33  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  34  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  35  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36  */
  37
  38 %{
  39 #include "config.h"
  40
  41 #include <stdarg.h>
  42 #include <stdio.h>
  43 #include <string.h>
  44 #include <stdlib.h>
  45 #include <assert.h>
  46
  47 #include "util/configyyrename.h"
  48 #include "util/config_file.h"
  49 #include "util/net_help.h"
  50
  51 int ub_c_lex(void);
  52 void ub_c_error(const char *message);
  53
  54 static void validate_respip_action(const char* action);
  55
  56 /* these need to be global, otherwise they cannot be used inside yacc */
  57 extern struct config_parser_state* cfg_parser;
  58
  59 #if 0
  60 #define OUTYY(s)  printf s /* used ONLY when debugging */
  61 #else
  62 #define OUTYY(s)
  63 #endif
  64
  65 %}
  66 %union {
  67         char*   str;
  68 };
  69
  70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
  71 %token <str> STRING_ARG
  72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
  73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
  74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
  75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS
  76 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
  77 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
  78 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
  79 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
  80 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
  81 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
  82 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
  83 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
  84 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
  85 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
  86 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
  87 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
  88 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
  89 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
  90 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
  91 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
  92 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
  93 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
  94 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
  95 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
  96 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
  97 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
  98 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
  99 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
 100 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
 101 %token VAR_CONTROL_USE_CERT
 102 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
 103 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
 104 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
 105 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
 106 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
 107 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
 108 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
 109 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES
 110 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
 111 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
 112 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
 113 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
 114 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
 115 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
 116 %token VAR_INFRA_CACHE_MIN_RTT
 117 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
 118 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
 119 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
 120 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
 121 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
 122 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
 123 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
 124 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
 125 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
 126 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
 127 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
 128 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
 129 %token VAR_DISABLE_DNSSEC_LAME_CHECK
 130 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
 131 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
 132 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
 133 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
 134 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
 135 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
 136 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
 137 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
 138 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
 139 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
 140 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
 141 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
 142 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
 143 %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING
 144 %token VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
 145 %token VAR_ROOT_KEY_SENTINEL
 146 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
 147 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
 148 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
 149 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
 150 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
 151 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
 152 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
 153 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
 154 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
 155 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
 156 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
 157 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
 158 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
 159 %token VAR_FALLBACK_ENABLED VAR_ADDITIONAL_TLS_PORT VAR_LOW_RTT VAR_LOW_RTT_PCT
 160 %token VAR_ALLOW_NOTIFY
 161
 162 %%
 163 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
 164 toplevelvar: serverstart contents_server | stubstart contents_stub |
 165         forwardstart contents_forward | pythonstart contents_py |
 166         rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
 167         dnscstart contents_dnsc | cachedbstart contents_cachedb |
 168         authstart contents_auth
 169         ;
 170
 171 /* server: declaration */
 172 serverstart: VAR_SERVER
 173         {
 174                 OUTYY(("\nP(server:)\n"));
 175         }
 176         ;
 177 contents_server: contents_server content_server
 178         | ;
 179 content_server: server_num_threads | server_verbosity | server_port |
 180         server_outgoing_range | server_do_ip4 |
 181         server_do_ip6 | server_prefer_ip6 |
 182         server_do_udp | server_do_tcp |
 183         server_tcp_mss | server_outgoing_tcp_mss |
 184         server_interface | server_chroot | server_username |
 185         server_directory | server_logfile | server_pidfile |
 186         server_msg_cache_size | server_msg_cache_slabs |
 187         server_num_queries_per_thread | server_rrset_cache_size |
 188         server_rrset_cache_slabs | server_outgoing_num_tcp |
 189         server_infra_host_ttl | server_infra_lame_ttl |
 190         server_infra_cache_slabs | server_infra_cache_numhosts |
 191         server_infra_cache_lame_size | server_target_fetch_policy |
 192         server_harden_short_bufsize | server_harden_large_queries |
 193         server_do_not_query_address | server_hide_identity |
 194         server_hide_version | server_identity | server_version |
 195         server_harden_glue | server_module_conf | server_trust_anchor_file |
 196         server_trust_anchor | server_val_override_date | server_bogus_ttl |
 197         server_val_clean_additional | server_val_permissive_mode |
 198         server_incoming_num_tcp | server_msg_buffer_size |
 199         server_key_cache_size | server_key_cache_slabs |
 200         server_trusted_keys_file | server_val_nsec3_keysize_iterations |
 201         server_use_syslog | server_outgoing_interface | server_root_hints |
 202         server_do_not_query_localhost | server_cache_max_ttl |
 203         server_harden_dnssec_stripped | server_access_control |
 204         server_local_zone | server_local_data | server_interface_automatic |
 205         server_statistics_interval | server_do_daemonize |
 206         server_use_caps_for_id | server_statistics_cumulative |
 207         server_outgoing_port_permit | server_outgoing_port_avoid |
 208         server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
 209         server_harden_referral_path | server_private_address |
 210         server_private_domain | server_extended_statistics |
 211         server_local_data_ptr | server_jostle_timeout |
 212         server_unwanted_reply_threshold | server_log_time_ascii |
 213         server_domain_insecure | server_val_sig_skew_min |
 214         server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
 215         server_auto_trust_anchor_file | server_add_holddown |
 216         server_del_holddown | server_keep_missing | server_so_rcvbuf |
 217         server_edns_buffer_size | server_prefetch | server_prefetch_key |
 218         server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
 219         server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
 220         server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
 221         server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
 222         server_so_reuseport | server_delay_close |
 223         server_unblock_lan_zones | server_insecure_lan_zones |
 224         server_dns64_prefix | server_dns64_synthall |
 225         server_infra_cache_min_rtt | server_harden_algo_downgrade |
 226         server_ip_transparent | server_ip_ratelimit | server_ratelimit |
 227         server_ip_ratelimit_slabs | server_ratelimit_slabs |
 228         server_ip_ratelimit_size | server_ratelimit_size |
 229         server_ratelimit_for_domain |
 230         server_ratelimit_below_domain | server_ratelimit_factor |
 231         server_ip_ratelimit_factor | server_send_client_subnet |
 232         server_client_subnet_zone | server_client_subnet_always_forward |
 233         server_client_subnet_opcode |
 234         server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
 235         server_caps_whitelist | server_cache_max_negative_ttl |
 236         server_permit_small_holddown | server_qname_minimisation |
 237         server_ip_freebind | server_define_tag | server_local_zone_tag |
 238         server_disable_dnssec_lame_check | server_access_control_tag |
 239         server_local_zone_override | server_access_control_tag_action |
 240         server_access_control_tag_data | server_access_control_view |
 241         server_qname_minimisation_strict | server_serve_expired |
 242         server_fake_dsa | server_log_identity | server_use_systemd |
 243         server_response_ip_tag | server_response_ip | server_response_ip_data |
 244         server_shm_enable | server_shm_key | server_fake_sha1 |
 245         server_hide_trustanchor | server_trust_anchor_signaling |
 246         server_root_key_sentinel |
 247         server_ipsecmod_enabled | server_ipsecmod_hook |
 248         server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
 249         server_ipsecmod_whitelist | server_ipsecmod_strict |
 250         server_udp_upstream_without_downstream | server_aggressive_nsec |
 251         server_tls_cert_bundle | server_additional_tls_port | server_low_rtt |
 252         server_low_rtt_pct
 253         ;
 254 stubstart: VAR_STUB_ZONE
 255         {
 256                 struct config_stub* s;
 257                 OUTYY(("\nP(stub_zone:)\n"));
 258                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
 259                 if(s) {
 260                         s->next = cfg_parser->cfg->stubs;
 261                         cfg_parser->cfg->stubs = s;
 262                 } else
 263                         yyerror("out of memory");
 264         }
 265         ;
 266 contents_stub: contents_stub content_stub
 267         | ;
 268 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
 269         stub_ssl_upstream
 270         ;
 271 forwardstart: VAR_FORWARD_ZONE
 272         {
 273                 struct config_stub* s;
 274                 OUTYY(("\nP(forward_zone:)\n"));
 275                 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
 276                 if(s) {
 277                         s->next = cfg_parser->cfg->forwards;
 278                         cfg_parser->cfg->forwards = s;
 279                 } else
 280                         yyerror("out of memory");
 281         }
 282         ;
 283 contents_forward: contents_forward content_forward
 284         | ;
 285 content_forward: forward_name | forward_host | forward_addr | forward_first |
 286         forward_ssl_upstream
 287         ;
 288 viewstart: VAR_VIEW
 289         {
 290                 struct config_view* s;
 291                 OUTYY(("\nP(view:)\n"));
 292                 s = (struct config_view*)calloc(1, sizeof(struct config_view));
 293                 if(s) {
 294                         s->next = cfg_parser->cfg->views;
 295                         if(s->next && !s->next->name)
 296                                 yyerror("view without name");
 297                         cfg_parser->cfg->views = s;
 298                 } else
 299                         yyerror("out of memory");
 300         }
 301         ;
 302 contents_view: contents_view content_view
 303         | ;
 304 content_view: view_name | view_local_zone | view_local_data | view_first |
 305                 view_response_ip | view_response_ip_data | view_local_data_ptr
 306         ;
 307 authstart: VAR_AUTH_ZONE
 308         {
 309                 struct config_auth* s;
 310                 OUTYY(("\nP(auth_zone:)\n"));
 311                 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
 312                 if(s) {
 313                         s->next = cfg_parser->cfg->auths;
 314                         cfg_parser->cfg->auths = s;
 315                         /* defaults for auth zone */
 316                         s->for_downstream = 1;
 317                         s->for_upstream = 1;
 318                         s->fallback_enabled = 0;
 319                 } else
 320                         yyerror("out of memory");
 321         }
 322         ;
 323 contents_auth: contents_auth content_auth
 324         | ;
 325 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
 326         auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
 327         auth_allow_notify
 328         ;
 329 server_num_threads: VAR_NUM_THREADS STRING_ARG
 330         {
 331                 OUTYY(("P(server_num_threads:%s)\n", $2));
 332                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 333                         yyerror("number expected");
 334                 else cfg_parser->cfg->num_threads = atoi($2);
 335                 free($2);
 336         }
 337         ;
 338 server_verbosity: VAR_VERBOSITY STRING_ARG
 339         {
 340                 OUTYY(("P(server_verbosity:%s)\n", $2));
 341                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 342                         yyerror("number expected");
 343                 else cfg_parser->cfg->verbosity = atoi($2);
 344                 free($2);
 345         }
 346         ;
 347 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
 348         {
 349                 OUTYY(("P(server_statistics_interval:%s)\n", $2));
 350                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
 351                         cfg_parser->cfg->stat_interval = 0;
 352                 else if(atoi($2) == 0)
 353                         yyerror("number expected");
 354                 else cfg_parser->cfg->stat_interval = atoi($2);
 355                 free($2);
 356         }
 357         ;
 358 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
 359         {
 360                 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
 361                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 362                         yyerror("expected yes or no.");
 363                 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
 364                 free($2);
 365         }
 366         ;
 367 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
 368         {
 369                 OUTYY(("P(server_extended_statistics:%s)\n", $2));
 370                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 371                         yyerror("expected yes or no.");
 372                 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
 373                 free($2);
 374         }
 375         ;
 376 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
 377         {
 378                 OUTYY(("P(server_shm_enable:%s)\n", $2));
 379                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 380                         yyerror("expected yes or no.");
 381                 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
 382                 free($2);
 383         }
 384         ;
 385 server_shm_key: VAR_SHM_KEY STRING_ARG
 386         {
 387                 OUTYY(("P(server_shm_key:%s)\n", $2));
 388                 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
 389                         cfg_parser->cfg->shm_key = 0;
 390                 else if(atoi($2) == 0)
 391                         yyerror("number expected");
 392                 else cfg_parser->cfg->shm_key = atoi($2);
 393                 free($2);
 394         }
 395         ;
 396 server_port: VAR_PORT STRING_ARG
 397         {
 398                 OUTYY(("P(server_port:%s)\n", $2));
 399                 if(atoi($2) == 0)
 400                         yyerror("port number expected");
 401                 else cfg_parser->cfg->port = atoi($2);
 402                 free($2);
 403         }
 404         ;
 405 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
 406         {
 407         #ifdef CLIENT_SUBNET
 408                 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
 409                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
 410                         fatal_exit("out of memory adding client-subnet");
 411         #else
 412                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 413         #endif
 414         }
 415         ;
 416 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
 417         {
 418         #ifdef CLIENT_SUBNET
 419                 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
 420                 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
 421                         $2))
 422                         fatal_exit("out of memory adding client-subnet-zone");
 423         #else
 424                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 425         #endif
 426         }
 427         ;
 428 server_client_subnet_always_forward:
 429         VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
 430         {
 431         #ifdef CLIENT_SUBNET
 432                 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
 433                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 434                         yyerror("expected yes or no.");
 435                 else
 436                         cfg_parser->cfg->client_subnet_always_forward =
 437                                 (strcmp($2, "yes")==0);
 438         #else
 439                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 440         #endif
 441                 free($2);
 442         }
 443         ;
 444 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
 445         {
 446         #ifdef CLIENT_SUBNET
 447                 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
 448                 OUTYY(("P(Deprecated option, ignoring)\n"));
 449         #else
 450                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 451         #endif
 452                 free($2);
 453         }
 454         ;
 455 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
 456         {
 457         #ifdef CLIENT_SUBNET
 458                 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
 459                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 460                         yyerror("IPv4 subnet length expected");
 461                 else if (atoi($2) > 32)
 462                         cfg_parser->cfg->max_client_subnet_ipv4 = 32;
 463                 else if (atoi($2) < 0)
 464                         cfg_parser->cfg->max_client_subnet_ipv4 = 0;
 465                 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
 466         #else
 467                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 468         #endif
 469                 free($2);
 470         }
 471         ;
 472 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
 473         {
 474         #ifdef CLIENT_SUBNET
 475                 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
 476                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 477                         yyerror("Ipv6 subnet length expected");
 478                 else if (atoi($2) > 128)
 479                         cfg_parser->cfg->max_client_subnet_ipv6 = 128;
 480                 else if (atoi($2) < 0)
 481                         cfg_parser->cfg->max_client_subnet_ipv6 = 0;
 482                 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
 483         #else
 484                 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
 485         #endif
 486                 free($2);
 487         }
 488         ;
 489 server_interface: VAR_INTERFACE STRING_ARG
 490         {
 491                 OUTYY(("P(server_interface:%s)\n", $2));
 492                 if(cfg_parser->cfg->num_ifs == 0)
 493                         cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
 494                 else    cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
 495                                 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
 496                 if(!cfg_parser->cfg->ifs)
 497                         yyerror("out of memory");
 498                 else
 499                         cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
 500         }
 501         ;
 502 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
 503         {
 504                 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
 505                 if(cfg_parser->cfg->num_out_ifs == 0)
 506                         cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
 507                 else    cfg_parser->cfg->out_ifs = realloc(
 508                         cfg_parser->cfg->out_ifs,
 509                         (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
 510                 if(!cfg_parser->cfg->out_ifs)
 511                         yyerror("out of memory");
 512                 else
 513                         cfg_parser->cfg->out_ifs[
 514                                 cfg_parser->cfg->num_out_ifs++] = $2;
 515         }
 516         ;
 517 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
 518         {
 519                 OUTYY(("P(server_outgoing_range:%s)\n", $2));
 520                 if(atoi($2) == 0)
 521                         yyerror("number expected");
 522                 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
 523                 free($2);
 524         }
 525         ;
 526 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
 527         {
 528                 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
 529                 if(!cfg_mark_ports($2, 1,
 530                         cfg_parser->cfg->outgoing_avail_ports, 65536))
 531                         yyerror("port number or range (\"low-high\") expected");
 532                 free($2);
 533         }
 534         ;
 535 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
 536         {
 537                 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
 538                 if(!cfg_mark_ports($2, 0,
 539                         cfg_parser->cfg->outgoing_avail_ports, 65536))
 540                         yyerror("port number or range (\"low-high\") expected");
 541                 free($2);
 542         }
 543         ;
 544 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
 545         {
 546                 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
 547                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 548                         yyerror("number expected");
 549                 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
 550                 free($2);
 551         }
 552         ;
 553 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
 554         {
 555                 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
 556                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 557                         yyerror("number expected");
 558                 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
 559                 free($2);
 560         }
 561         ;
 562 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
 563         {
 564                 OUTYY(("P(server_interface_automatic:%s)\n", $2));
 565                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 566                         yyerror("expected yes or no.");
 567                 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
 568                 free($2);
 569         }
 570         ;
 571 server_do_ip4: VAR_DO_IP4 STRING_ARG
 572         {
 573                 OUTYY(("P(server_do_ip4:%s)\n", $2));
 574                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 575                         yyerror("expected yes or no.");
 576                 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
 577                 free($2);
 578         }
 579         ;
 580 server_do_ip6: VAR_DO_IP6 STRING_ARG
 581         {
 582                 OUTYY(("P(server_do_ip6:%s)\n", $2));
 583                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 584                         yyerror("expected yes or no.");
 585                 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
 586                 free($2);
 587         }
 588         ;
 589 server_do_udp: VAR_DO_UDP STRING_ARG
 590         {
 591                 OUTYY(("P(server_do_udp:%s)\n", $2));
 592                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 593                         yyerror("expected yes or no.");
 594                 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
 595                 free($2);
 596         }
 597         ;
 598 server_do_tcp: VAR_DO_TCP STRING_ARG
 599         {
 600                 OUTYY(("P(server_do_tcp:%s)\n", $2));
 601                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 602                         yyerror("expected yes or no.");
 603                 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
 604                 free($2);
 605         }
 606         ;
 607 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
 608         {
 609                 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
 610                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 611                         yyerror("expected yes or no.");
 612                 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
 613                 free($2);
 614         }
 615         ;
 616 server_tcp_mss: VAR_TCP_MSS STRING_ARG
 617         {
 618                 OUTYY(("P(server_tcp_mss:%s)\n", $2));
 619                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 620                         yyerror("number expected");
 621                 else cfg_parser->cfg->tcp_mss = atoi($2);
 622                 free($2);
 623         }
 624         ;
 625 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
 626         {
 627                 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
 628                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
 629                         yyerror("number expected");
 630                 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
 631                 free($2);
 632         }
 633         ;
 634 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
 635         {
 636                 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
 637                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 638                         yyerror("expected yes or no.");
 639                 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
 640                 free($2);
 641         }
 642         ;
 643 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
 644         {
 645                 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
 646                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 647                         yyerror("expected yes or no.");
 648                 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
 649                 free($2);
 650         }
 651         ;
 652 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
 653         {
 654                 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
 655                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 656                         yyerror("expected yes or no.");
 657                 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
 658                 free($2);
 659         }
 660         ;
 661 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
 662         {
 663                 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
 664                 free(cfg_parser->cfg->ssl_service_key);
 665                 cfg_parser->cfg->ssl_service_key = $2;
 666         }
 667         ;
 668 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
 669         {
 670                 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
 671                 free(cfg_parser->cfg->ssl_service_pem);
 672                 cfg_parser->cfg->ssl_service_pem = $2;
 673         }
 674         ;
 675 server_ssl_port: VAR_SSL_PORT STRING_ARG
 676         {
 677                 OUTYY(("P(server_ssl_port:%s)\n", $2));
 678                 if(atoi($2) == 0)
 679                         yyerror("port number expected");
 680                 else cfg_parser->cfg->ssl_port = atoi($2);
 681                 free($2);
 682         }
 683         ;
 684 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
 685         {
 686                 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
 687                 free(cfg_parser->cfg->tls_cert_bundle);
 688                 cfg_parser->cfg->tls_cert_bundle = $2;
 689         }
 690         ;
 691 server_additional_tls_port: VAR_ADDITIONAL_TLS_PORT STRING_ARG
 692         {
 693                 OUTYY(("P(server_additional_tls_port:%s)\n", $2));
 694                 if(!cfg_strlist_insert(&cfg_parser->cfg->additional_tls_port,
 695                         $2))
 696                         yyerror("out of memory");
 697         }
 698         ;
 699 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
 700         {
 701                 OUTYY(("P(server_use_systemd:%s)\n", $2));
 702                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 703                         yyerror("expected yes or no.");
 704                 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
 705                 free($2);
 706         }
 707         ;
 708 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
 709         {
 710                 OUTYY(("P(server_do_daemonize:%s)\n", $2));
 711                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 712                         yyerror("expected yes or no.");
 713                 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
 714                 free($2);
 715         }
 716         ;
 717 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
 718         {
 719                 OUTYY(("P(server_use_syslog:%s)\n", $2));
 720                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 721                         yyerror("expected yes or no.");
 722                 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
 723 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
 724                 if(strcmp($2, "yes") == 0)
 725                         yyerror("no syslog services are available. "
 726                                 "(reconfigure and compile to add)");
 727 #endif
 728                 free($2);
 729         }
 730         ;
 731 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
 732         {
 733                 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
 734                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 735                         yyerror("expected yes or no.");
 736                 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
 737                 free($2);
 738         }
 739         ;
 740 server_log_queries: VAR_LOG_QUERIES STRING_ARG
 741         {
 742                 OUTYY(("P(server_log_queries:%s)\n", $2));
 743                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 744                         yyerror("expected yes or no.");
 745                 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
 746                 free($2);
 747         }
 748         ;
 749 server_log_replies: VAR_LOG_REPLIES STRING_ARG
 750   {
 751         OUTYY(("P(server_log_replies:%s)\n", $2));
 752         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 753                 yyerror("expected yes or no.");
 754         else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
 755         free($2);
 756   }
 757   ;
 758 server_chroot: VAR_CHROOT STRING_ARG
 759         {
 760                 OUTYY(("P(server_chroot:%s)\n", $2));
 761                 free(cfg_parser->cfg->chrootdir);
 762                 cfg_parser->cfg->chrootdir = $2;
 763         }
 764         ;
 765 server_username: VAR_USERNAME STRING_ARG
 766         {
 767                 OUTYY(("P(server_username:%s)\n", $2));
 768                 free(cfg_parser->cfg->username);
 769                 cfg_parser->cfg->username = $2;
 770         }
 771         ;
 772 server_directory: VAR_DIRECTORY STRING_ARG
 773         {
 774                 OUTYY(("P(server_directory:%s)\n", $2));
 775                 free(cfg_parser->cfg->directory);
 776                 cfg_parser->cfg->directory = $2;
 777                 /* change there right away for includes relative to this */
 778                 if($2[0]) {
 779                         char* d;
 780 #ifdef UB_ON_WINDOWS
 781                         w_config_adjust_directory(cfg_parser->cfg);
 782 #endif
 783                         d = cfg_parser->cfg->directory;
 784                         /* adjust directory if we have already chroot,
 785                          * like, we reread after sighup */
 786                         if(cfg_parser->chroot && cfg_parser->chroot[0] &&
 787                                 strncmp(d, cfg_parser->chroot, strlen(
 788                                 cfg_parser->chroot)) == 0)
 789                                 d += strlen(cfg_parser->chroot);
 790                         if(d[0]) {
 791                             if(chdir(d))
 792                                 log_err("cannot chdir to directory: %s (%s)",
 793                                         d, strerror(errno));
 794                         }
 795                 }
 796         }
 797         ;
 798 server_logfile: VAR_LOGFILE STRING_ARG
 799         {
 800                 OUTYY(("P(server_logfile:%s)\n", $2));
 801                 free(cfg_parser->cfg->logfile);
 802                 cfg_parser->cfg->logfile = $2;
 803                 cfg_parser->cfg->use_syslog = 0;
 804         }
 805         ;
 806 server_pidfile: VAR_PIDFILE STRING_ARG
 807         {
 808                 OUTYY(("P(server_pidfile:%s)\n", $2));
 809                 free(cfg_parser->cfg->pidfile);
 810                 cfg_parser->cfg->pidfile = $2;
 811         }
 812         ;
 813 server_root_hints: VAR_ROOT_HINTS STRING_ARG
 814         {
 815                 OUTYY(("P(server_root_hints:%s)\n", $2));
 816                 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
 817                         yyerror("out of memory");
 818         }
 819         ;
 820 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
 821         {
 822                 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
 823                 free(cfg_parser->cfg->dlv_anchor_file);
 824                 cfg_parser->cfg->dlv_anchor_file = $2;
 825         }
 826         ;
 827 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
 828         {
 829                 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
 830                 if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
 831                         yyerror("out of memory");
 832         }
 833         ;
 834 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
 835         {
 836                 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
 837                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 838                         auto_trust_anchor_file_list, $2))
 839                         yyerror("out of memory");
 840         }
 841         ;
 842 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
 843         {
 844                 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
 845                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 846                         trust_anchor_file_list, $2))
 847                         yyerror("out of memory");
 848         }
 849         ;
 850 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
 851         {
 852                 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
 853                 if(!cfg_strlist_insert(&cfg_parser->cfg->
 854                         trusted_keys_file_list, $2))
 855                         yyerror("out of memory");
 856         }
 857         ;
 858 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
 859         {
 860                 OUTYY(("P(server_trust_anchor:%s)\n", $2));
 861                 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
 862                         yyerror("out of memory");
 863         }
 864         ;
 865 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
 866         {
 867                 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
 868                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 869                         yyerror("expected yes or no.");
 870                 else
 871                         cfg_parser->cfg->trust_anchor_signaling =
 872                                 (strcmp($2, "yes")==0);
 873                 free($2);
 874         }
 875         ;
 876 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
 877         {
 878                 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
 879                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 880                         yyerror("expected yes or no.");
 881                 else
 882                         cfg_parser->cfg->root_key_sentinel =
 883                                 (strcmp($2, "yes")==0);
 884                 free($2);
 885         }
 886         ;
 887 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
 888         {
 889                 OUTYY(("P(server_domain_insecure:%s)\n", $2));
 890                 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
 891                         yyerror("out of memory");
 892         }
 893         ;
 894 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
 895         {
 896                 OUTYY(("P(server_hide_identity:%s)\n", $2));
 897                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 898                         yyerror("expected yes or no.");
 899                 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
 900                 free($2);
 901         }
 902         ;
 903 server_hide_version: VAR_HIDE_VERSION STRING_ARG
 904         {
 905                 OUTYY(("P(server_hide_version:%s)\n", $2));
 906                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 907                         yyerror("expected yes or no.");
 908                 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
 909                 free($2);
 910         }
 911         ;
 912 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
 913         {
 914                 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
 915                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 916                         yyerror("expected yes or no.");
 917                 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
 918                 free($2);
 919         }
 920         ;
 921 server_identity: VAR_IDENTITY STRING_ARG
 922         {
 923                 OUTYY(("P(server_identity:%s)\n", $2));
 924                 free(cfg_parser->cfg->identity);
 925                 cfg_parser->cfg->identity = $2;
 926         }
 927         ;
 928 server_version: VAR_VERSION STRING_ARG
 929         {
 930                 OUTYY(("P(server_version:%s)\n", $2));
 931                 free(cfg_parser->cfg->version);
 932                 cfg_parser->cfg->version = $2;
 933         }
 934         ;
 935 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
 936         {
 937                 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
 938                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
 939                         yyerror("buffer size expected");
 940                 free($2);
 941         }
 942         ;
 943 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
 944         {
 945                 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
 946                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
 947                         yyerror("buffer size expected");
 948                 free($2);
 949         }
 950         ;
 951 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
 952     {
 953         OUTYY(("P(server_so_reuseport:%s)\n", $2));
 954         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 955             yyerror("expected yes or no.");
 956         else cfg_parser->cfg->so_reuseport =
 957             (strcmp($2, "yes")==0);
 958         free($2);
 959     }
 960     ;
 961 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
 962     {
 963         OUTYY(("P(server_ip_transparent:%s)\n", $2));
 964         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 965             yyerror("expected yes or no.");
 966         else cfg_parser->cfg->ip_transparent =
 967             (strcmp($2, "yes")==0);
 968         free($2);
 969     }
 970     ;
 971 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
 972     {
 973         OUTYY(("P(server_ip_freebind:%s)\n", $2));
 974         if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
 975             yyerror("expected yes or no.");
 976         else cfg_parser->cfg->ip_freebind =
 977             (strcmp($2, "yes")==0);
 978         free($2);
 979     }
 980     ;
 981 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
 982         {
 983                 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
 984                 if(atoi($2) == 0)
 985                         yyerror("number expected");
 986                 else if (atoi($2) < 12)
 987                         yyerror("edns buffer size too small");
 988                 else if (atoi($2) > 65535)
 989                         cfg_parser->cfg->edns_buffer_size = 65535;
 990                 else cfg_parser->cfg->edns_buffer_size = atoi($2);
 991                 free($2);
 992         }
 993         ;
 994 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
 995         {
 996                 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
 997                 if(atoi($2) == 0)
 998                         yyerror("number expected");
 999                 else if (atoi($2) < 4096)
1000                         yyerror("message buffer size too small (use 4096)");
1001                 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1002                 free($2);
1003         }
1004         ;
1005 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1006         {
1007                 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1008                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1009                         yyerror("memory size expected");
1010                 free($2);
1011         }
1012         ;
1013 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1014         {
1015                 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1016                 if(atoi($2) == 0)
1017                         yyerror("number expected");
1018                 else {
1019                         cfg_parser->cfg->msg_cache_slabs = atoi($2);
1020                         if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1021                                 yyerror("must be a power of 2");
1022                 }
1023                 free($2);
1024         }
1025         ;
1026 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1027         {
1028                 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1029                 if(atoi($2) == 0)
1030                         yyerror("number expected");
1031                 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1032                 free($2);
1033         }
1034         ;
1035 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1036         {
1037                 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1038                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1039                         yyerror("number expected");
1040                 else cfg_parser->cfg->jostle_time = atoi($2);
1041                 free($2);
1042         }
1043         ;
1044 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1045         {
1046                 OUTYY(("P(server_delay_close:%s)\n", $2));
1047                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1048                         yyerror("number expected");
1049                 else cfg_parser->cfg->delay_close = atoi($2);
1050                 free($2);
1051         }
1052         ;
1053 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1054         {
1055                 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1056                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1057                         yyerror("expected yes or no.");
1058                 else cfg_parser->cfg->unblock_lan_zones =
1059                         (strcmp($2, "yes")==0);
1060                 free($2);
1061         }
1062         ;
1063 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1064         {
1065                 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1066                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1067                         yyerror("expected yes or no.");
1068                 else cfg_parser->cfg->insecure_lan_zones =
1069                         (strcmp($2, "yes")==0);
1070                 free($2);
1071         }
1072         ;
1073 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1074         {
1075                 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1076                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1077                         yyerror("memory size expected");
1078                 free($2);
1079         }
1080         ;
1081 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1082         {
1083                 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1084                 if(atoi($2) == 0)
1085                         yyerror("number expected");
1086                 else {
1087                         cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1088                         if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1089                                 yyerror("must be a power of 2");
1090                 }
1091                 free($2);
1092         }
1093         ;
1094 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1095         {
1096                 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1097                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1098                         yyerror("number expected");
1099                 else cfg_parser->cfg->host_ttl = atoi($2);
1100                 free($2);
1101         }
1102         ;
1103 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1104         {
1105                 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1106                 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1107                         "removed, use infra-host-ttl)", $2);
1108                 free($2);
1109         }
1110         ;
1111 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1112         {
1113                 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1114                 if(atoi($2) == 0)
1115                         yyerror("number expected");
1116                 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1117                 free($2);
1118         }
1119         ;
1120 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1121         {
1122                 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1123                 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1124                         "(option removed, use infra-cache-numhosts)", $2);
1125                 free($2);
1126         }
1127         ;
1128 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1129         {
1130                 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1131                 if(atoi($2) == 0)
1132                         yyerror("number expected");
1133                 else {
1134                         cfg_parser->cfg->infra_cache_slabs = atoi($2);
1135                         if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1136                                 yyerror("must be a power of 2");
1137                 }
1138                 free($2);
1139         }
1140         ;
1141 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1142         {
1143                 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1144                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1145                         yyerror("number expected");
1146                 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1147                 free($2);
1148         }
1149         ;
1150 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1151         {
1152                 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1153                 free(cfg_parser->cfg->target_fetch_policy);
1154                 cfg_parser->cfg->target_fetch_policy = $2;
1155         }
1156         ;
1157 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1158         {
1159                 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1160                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1161                         yyerror("expected yes or no.");
1162                 else cfg_parser->cfg->harden_short_bufsize =
1163                         (strcmp($2, "yes")==0);
1164                 free($2);
1165         }
1166         ;
1167 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1168         {
1169                 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1170                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1171                         yyerror("expected yes or no.");
1172                 else cfg_parser->cfg->harden_large_queries =
1173                         (strcmp($2, "yes")==0);
1174                 free($2);
1175         }
1176         ;
1177 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1178         {
1179                 OUTYY(("P(server_harden_glue:%s)\n", $2));
1180                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1181                         yyerror("expected yes or no.");
1182                 else cfg_parser->cfg->harden_glue =
1183                         (strcmp($2, "yes")==0);
1184                 free($2);
1185         }
1186         ;
1187 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1188         {
1189                 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1190                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1191                         yyerror("expected yes or no.");
1192                 else cfg_parser->cfg->harden_dnssec_stripped =
1193                         (strcmp($2, "yes")==0);
1194                 free($2);
1195         }
1196         ;
1197 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1198         {
1199                 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1200                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1201                         yyerror("expected yes or no.");
1202                 else cfg_parser->cfg->harden_below_nxdomain =
1203                         (strcmp($2, "yes")==0);
1204                 free($2);
1205         }
1206         ;
1207 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1208         {
1209                 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1210                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1211                         yyerror("expected yes or no.");
1212                 else cfg_parser->cfg->harden_referral_path =
1213                         (strcmp($2, "yes")==0);
1214                 free($2);
1215         }
1216         ;
1217 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1218         {
1219                 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1220                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1221                         yyerror("expected yes or no.");
1222                 else cfg_parser->cfg->harden_algo_downgrade =
1223                         (strcmp($2, "yes")==0);
1224                 free($2);
1225         }
1226         ;
1227 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1228         {
1229                 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1230                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1231                         yyerror("expected yes or no.");
1232                 else cfg_parser->cfg->use_caps_bits_for_id =
1233                         (strcmp($2, "yes")==0);
1234                 free($2);
1235         }
1236         ;
1237 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1238         {
1239                 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1240                 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1241                         yyerror("out of memory");
1242         }
1243         ;
1244 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1245         {
1246                 OUTYY(("P(server_private_address:%s)\n", $2));
1247                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1248                         yyerror("out of memory");
1249         }
1250         ;
1251 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1252         {
1253                 OUTYY(("P(server_private_domain:%s)\n", $2));
1254                 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1255                         yyerror("out of memory");
1256         }
1257         ;
1258 server_prefetch: VAR_PREFETCH STRING_ARG
1259         {
1260                 OUTYY(("P(server_prefetch:%s)\n", $2));
1261                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1262                         yyerror("expected yes or no.");
1263                 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1264                 free($2);
1265         }
1266         ;
1267 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1268         {
1269                 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1270                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1271                         yyerror("expected yes or no.");
1272                 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1273                 free($2);
1274         }
1275         ;
1276 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1277         {
1278                 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1279                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1280                         yyerror("number expected");
1281                 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1282                 free($2);
1283         }
1284         ;
1285 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1286         {
1287                 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1288                 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1289                         yyerror("out of memory");
1290         }
1291         ;
1292 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1293         {
1294                 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1295                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1296                         yyerror("expected yes or no.");
1297                 else cfg_parser->cfg->donotquery_localhost =
1298                         (strcmp($2, "yes")==0);
1299                 free($2);
1300         }
1301         ;
1302 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1303         {
1304                 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1305                 if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1306                         strcmp($3, "deny_non_local")!=0 &&
1307                         strcmp($3, "refuse_non_local")!=0 &&
1308                         strcmp($3, "allow")!=0 &&
1309                         strcmp($3, "allow_snoop")!=0) {
1310                         yyerror("expected deny, refuse, deny_non_local, "
1311                                 "refuse_non_local, allow or allow_snoop "
1312                                 "in access control action");
1313                 } else {
1314                         if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1315                                 fatal_exit("out of memory adding acl");
1316                 }
1317         }
1318         ;
1319 server_module_conf: VAR_MODULE_CONF STRING_ARG
1320         {
1321                 OUTYY(("P(server_module_conf:%s)\n", $2));
1322                 free(cfg_parser->cfg->module_conf);
1323                 cfg_parser->cfg->module_conf = $2;
1324         }
1325         ;
1326 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1327         {
1328                 OUTYY(("P(server_val_override_date:%s)\n", $2));
1329                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1330                         cfg_parser->cfg->val_date_override = 0;
1331                 } else if(strlen($2) == 14) {
1332                         cfg_parser->cfg->val_date_override =
1333                                 cfg_convert_timeval($2);
1334                         if(!cfg_parser->cfg->val_date_override)
1335                                 yyerror("bad date/time specification");
1336                 } else {
1337                         if(atoi($2) == 0)
1338                                 yyerror("number expected");
1339                         cfg_parser->cfg->val_date_override = atoi($2);
1340                 }
1341                 free($2);
1342         }
1343         ;
1344 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1345         {
1346                 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1347                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1348                         cfg_parser->cfg->val_sig_skew_min = 0;
1349                 } else {
1350                         cfg_parser->cfg->val_sig_skew_min = atoi($2);
1351                         if(!cfg_parser->cfg->val_sig_skew_min)
1352                                 yyerror("number expected");
1353                 }
1354                 free($2);
1355         }
1356         ;
1357 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1358         {
1359                 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1360                 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1361                         cfg_parser->cfg->val_sig_skew_max = 0;
1362                 } else {
1363                         cfg_parser->cfg->val_sig_skew_max = atoi($2);
1364                         if(!cfg_parser->cfg->val_sig_skew_max)
1365                                 yyerror("number expected");
1366                 }
1367                 free($2);
1368         }
1369         ;
1370 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1371         {
1372                 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1373                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1374                         yyerror("number expected");
1375                 else cfg_parser->cfg->max_ttl = atoi($2);
1376                 free($2);
1377         }
1378         ;
1379 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1380         {
1381                 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1382                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1383                         yyerror("number expected");
1384                 else cfg_parser->cfg->max_negative_ttl = atoi($2);
1385                 free($2);
1386         }
1387         ;
1388 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1389         {
1390                 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1391                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1392                         yyerror("number expected");
1393                 else cfg_parser->cfg->min_ttl = atoi($2);
1394                 free($2);
1395         }
1396         ;
1397 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1398         {
1399                 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1400                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1401                         yyerror("number expected");
1402                 else cfg_parser->cfg->bogus_ttl = atoi($2);
1403                 free($2);
1404         }
1405         ;
1406 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1407         {
1408                 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1409                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1410                         yyerror("expected yes or no.");
1411                 else cfg_parser->cfg->val_clean_additional =
1412                         (strcmp($2, "yes")==0);
1413                 free($2);
1414         }
1415         ;
1416 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1417         {
1418                 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1419                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1420                         yyerror("expected yes or no.");
1421                 else cfg_parser->cfg->val_permissive_mode =
1422                         (strcmp($2, "yes")==0);
1423                 free($2);
1424         }
1425         ;
1426 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1427         {
1428                 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1429                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1430                         yyerror("expected yes or no.");
1431                 else
1432                         cfg_parser->cfg->aggressive_nsec =
1433                                 (strcmp($2, "yes")==0);
1434                 free($2);
1435         }
1436         ;
1437 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1438         {
1439                 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1440                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1441                         yyerror("expected yes or no.");
1442                 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1443                 free($2);
1444         }
1445         ;
1446 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1447         {
1448                 OUTYY(("P(server_serve_expired:%s)\n", $2));
1449                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1450                         yyerror("expected yes or no.");
1451                 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1452                 free($2);
1453         }
1454         ;
1455 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1456         {
1457                 OUTYY(("P(server_fake_dsa:%s)\n", $2));
1458                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1459                         yyerror("expected yes or no.");
1460 #ifdef HAVE_SSL
1461                 else fake_dsa = (strcmp($2, "yes")==0);
1462                 if(fake_dsa)
1463                         log_warn("test option fake_dsa is enabled");
1464 #endif
1465                 free($2);
1466         }
1467         ;
1468 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1469         {
1470                 OUTYY(("P(server_fake_sha1:%s)\n", $2));
1471                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1472                         yyerror("expected yes or no.");
1473 #ifdef HAVE_SSL
1474                 else fake_sha1 = (strcmp($2, "yes")==0);
1475                 if(fake_sha1)
1476                         log_warn("test option fake_sha1 is enabled");
1477 #endif
1478                 free($2);
1479         }
1480         ;
1481 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1482         {
1483                 OUTYY(("P(server_val_log_level:%s)\n", $2));
1484                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1485                         yyerror("number expected");
1486                 else cfg_parser->cfg->val_log_level = atoi($2);
1487                 free($2);
1488         }
1489         ;
1490 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1491         {
1492                 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1493                 free(cfg_parser->cfg->val_nsec3_key_iterations);
1494                 cfg_parser->cfg->val_nsec3_key_iterations = $2;
1495         }
1496         ;
1497 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1498         {
1499                 OUTYY(("P(server_add_holddown:%s)\n", $2));
1500                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1501                         yyerror("number expected");
1502                 else cfg_parser->cfg->add_holddown = atoi($2);
1503                 free($2);
1504         }
1505         ;
1506 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1507         {
1508                 OUTYY(("P(server_del_holddown:%s)\n", $2));
1509                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1510                         yyerror("number expected");
1511                 else cfg_parser->cfg->del_holddown = atoi($2);
1512                 free($2);
1513         }
1514         ;
1515 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1516         {
1517                 OUTYY(("P(server_keep_missing:%s)\n", $2));
1518                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1519                         yyerror("number expected");
1520                 else cfg_parser->cfg->keep_missing = atoi($2);
1521                 free($2);
1522         }
1523         ;
1524 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1525         {
1526                 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1527                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1528                         yyerror("expected yes or no.");
1529                 else cfg_parser->cfg->permit_small_holddown =
1530                         (strcmp($2, "yes")==0);
1531                 free($2);
1532         }
1533 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1534         {
1535                 OUTYY(("P(server_key_cache_size:%s)\n", $2));
1536                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1537                         yyerror("memory size expected");
1538                 free($2);
1539         }
1540         ;
1541 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1542         {
1543                 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1544                 if(atoi($2) == 0)
1545                         yyerror("number expected");
1546                 else {
1547                         cfg_parser->cfg->key_cache_slabs = atoi($2);
1548                         if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1549                                 yyerror("must be a power of 2");
1550                 }
1551                 free($2);
1552         }
1553         ;
1554 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1555         {
1556                 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1557                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1558                         yyerror("memory size expected");
1559                 free($2);
1560         }
1561         ;
1562 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1563         {
1564                 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1565                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1566                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1567                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1568                    && strcmp($3, "typetransparent")!=0
1569                    && strcmp($3, "always_transparent")!=0
1570                    && strcmp($3, "always_refuse")!=0
1571                    && strcmp($3, "always_nxdomain")!=0
1572                    && strcmp($3, "noview")!=0
1573                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
1574                         yyerror("local-zone type: expected static, deny, "
1575                                 "refuse, redirect, transparent, "
1576                                 "typetransparent, inform, inform_deny, "
1577                                 "always_transparent, always_refuse, "
1578                                 "always_nxdomain, noview or nodefault");
1579                 else if(strcmp($3, "nodefault")==0) {
1580                         if(!cfg_strlist_insert(&cfg_parser->cfg->
1581                                 local_zones_nodefault, $2))
1582                                 fatal_exit("out of memory adding local-zone");
1583                         free($3);
1584                 } else {
1585                         if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1586                                 $2, $3))
1587                                 fatal_exit("out of memory adding local-zone");
1588                 }
1589         }
1590         ;
1591 server_local_data: VAR_LOCAL_DATA STRING_ARG
1592         {
1593                 OUTYY(("P(server_local_data:%s)\n", $2));
1594                 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1595                         fatal_exit("out of memory adding local-data");
1596         }
1597         ;
1598 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1599         {
1600                 char* ptr;
1601                 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1602                 ptr = cfg_ptr_reverse($2);
1603                 free($2);
1604                 if(ptr) {
1605                         if(!cfg_strlist_insert(&cfg_parser->cfg->
1606                                 local_data, ptr))
1607                                 fatal_exit("out of memory adding local-data");
1608                 } else {
1609                         yyerror("local-data-ptr could not be reversed");
1610                 }
1611         }
1612         ;
1613 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1614         {
1615                 OUTYY(("P(server_minimal_responses:%s)\n", $2));
1616                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1617                         yyerror("expected yes or no.");
1618                 else cfg_parser->cfg->minimal_responses =
1619                         (strcmp($2, "yes")==0);
1620                 free($2);
1621         }
1622         ;
1623 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1624         {
1625                 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1626                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1627                         yyerror("expected yes or no.");
1628                 else cfg_parser->cfg->rrset_roundrobin =
1629                         (strcmp($2, "yes")==0);
1630                 free($2);
1631         }
1632         ;
1633 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1634         {
1635                 OUTYY(("P(server_max_udp_size:%s)\n", $2));
1636                 cfg_parser->cfg->max_udp_size = atoi($2);
1637                 free($2);
1638         }
1639         ;
1640 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1641         {
1642                 OUTYY(("P(dns64_prefix:%s)\n", $2));
1643                 free(cfg_parser->cfg->dns64_prefix);
1644                 cfg_parser->cfg->dns64_prefix = $2;
1645         }
1646         ;
1647 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1648         {
1649                 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1650                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1651                         yyerror("expected yes or no.");
1652                 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
1653                 free($2);
1654         }
1655         ;
1656 server_define_tag: VAR_DEFINE_TAG STRING_ARG
1657         {
1658                 char* p, *s = $2;
1659                 OUTYY(("P(server_define_tag:%s)\n", $2));
1660                 while((p=strsep(&s, " \t\n")) != NULL) {
1661                         if(*p) {
1662                                 if(!config_add_tag(cfg_parser->cfg, p))
1663                                         yyerror("could not define-tag, "
1664                                                 "out of memory");
1665                         }
1666                 }
1667                 free($2);
1668         }
1669         ;
1670 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
1671         {
1672                 size_t len = 0;
1673                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1674                         &len);
1675                 free($3);
1676                 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
1677                 if(!bitlist)
1678                         yyerror("could not parse tags, (define-tag them first)");
1679                 if(bitlist) {
1680                         if(!cfg_strbytelist_insert(
1681                                 &cfg_parser->cfg->local_zone_tags,
1682                                 $2, bitlist, len)) {
1683                                 yyerror("out of memory");
1684                                 free($2);
1685                         }
1686                 }
1687         }
1688         ;
1689 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
1690         {
1691                 size_t len = 0;
1692                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1693                         &len);
1694                 free($3);
1695                 OUTYY(("P(server_access_control_tag:%s)\n", $2));
1696                 if(!bitlist)
1697                         yyerror("could not parse tags, (define-tag them first)");
1698                 if(bitlist) {
1699                         if(!cfg_strbytelist_insert(
1700                                 &cfg_parser->cfg->acl_tags,
1701                                 $2, bitlist, len)) {
1702                                 yyerror("out of memory");
1703                                 free($2);
1704                         }
1705                 }
1706         }
1707         ;
1708 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
1709         {
1710                 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
1711                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
1712                         $2, $3, $4)) {
1713                         yyerror("out of memory");
1714                         free($2);
1715                         free($3);
1716                         free($4);
1717                 }
1718         }
1719         ;
1720 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
1721         {
1722                 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
1723                 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
1724                         $2, $3, $4)) {
1725                         yyerror("out of memory");
1726                         free($2);
1727                         free($3);
1728                         free($4);
1729                 }
1730         }
1731         ;
1732 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
1733         {
1734                 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
1735                 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
1736                         $2, $3, $4)) {
1737                         yyerror("out of memory");
1738                         free($2);
1739                         free($3);
1740                         free($4);
1741                 }
1742         }
1743         ;
1744 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
1745         {
1746                 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
1747                 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
1748                         $2, $3)) {
1749                         yyerror("out of memory");
1750                         free($2);
1751                         free($3);
1752                 }
1753         }
1754         ;
1755 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
1756         {
1757                 size_t len = 0;
1758                 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
1759                         &len);
1760                 free($3);
1761                 OUTYY(("P(response_ip_tag:%s)\n", $2));
1762                 if(!bitlist)
1763                         yyerror("could not parse tags, (define-tag them first)");
1764                 if(bitlist) {
1765                         if(!cfg_strbytelist_insert(
1766                                 &cfg_parser->cfg->respip_tags,
1767                                 $2, bitlist, len)) {
1768                                 yyerror("out of memory");
1769                                 free($2);
1770                         }
1771                 }
1772         }
1773         ;
1774 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
1775         {
1776                 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
1777                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1778                         yyerror("number expected");
1779                 else cfg_parser->cfg->ip_ratelimit = atoi($2);
1780                 free($2);
1781         }
1782         ;
1783
1784 server_ratelimit: VAR_RATELIMIT STRING_ARG
1785         {
1786                 OUTYY(("P(server_ratelimit:%s)\n", $2));
1787                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1788                         yyerror("number expected");
1789                 else cfg_parser->cfg->ratelimit = atoi($2);
1790                 free($2);
1791         }
1792         ;
1793 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
1794   {
1795         OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
1796         if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
1797                 yyerror("memory size expected");
1798         free($2);
1799   }
1800   ;
1801 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
1802         {
1803                 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
1804                 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
1805                         yyerror("memory size expected");
1806                 free($2);
1807         }
1808         ;
1809 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
1810   {
1811         OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
1812         if(atoi($2) == 0)
1813                 yyerror("number expected");
1814         else {
1815                 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
1816                 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
1817                         yyerror("must be a power of 2");
1818         }
1819         free($2);
1820   }
1821   ;
1822 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
1823         {
1824                 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
1825                 if(atoi($2) == 0)
1826                         yyerror("number expected");
1827                 else {
1828                         cfg_parser->cfg->ratelimit_slabs = atoi($2);
1829                         if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
1830                                 yyerror("must be a power of 2");
1831                 }
1832                 free($2);
1833         }
1834         ;
1835 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
1836         {
1837                 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
1838                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1839                         yyerror("number expected");
1840                 } else {
1841                         if(!cfg_str2list_insert(&cfg_parser->cfg->
1842                                 ratelimit_for_domain, $2, $3))
1843                                 fatal_exit("out of memory adding "
1844                                         "ratelimit-for-domain");
1845                 }
1846         }
1847         ;
1848 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
1849         {
1850                 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
1851                 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
1852                         yyerror("number expected");
1853                 } else {
1854                         if(!cfg_str2list_insert(&cfg_parser->cfg->
1855                                 ratelimit_below_domain, $2, $3))
1856                                 fatal_exit("out of memory adding "
1857                                         "ratelimit-below-domain");
1858                 }
1859         }
1860         ;
1861 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
1862   {
1863         OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
1864         if(atoi($2) == 0 && strcmp($2, "0") != 0)
1865                 yyerror("number expected");
1866         else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
1867         free($2);
1868         }
1869         ;
1870 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
1871         {
1872                 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
1873                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1874                         yyerror("number expected");
1875                 else cfg_parser->cfg->ratelimit_factor = atoi($2);
1876                 free($2);
1877         }
1878         ;
1879 server_low_rtt: VAR_LOW_RTT STRING_ARG
1880         {
1881                 OUTYY(("P(server_low_rtt:%s)\n", $2));
1882                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1883                         yyerror("number expected");
1884                 else cfg_parser->cfg->low_rtt = atoi($2);
1885                 free($2);
1886         }
1887         ;
1888 server_low_rtt_pct: VAR_LOW_RTT_PCT STRING_ARG
1889         {
1890                 OUTYY(("P(server_low_rtt_pct:%s)\n", $2));
1891                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1892                         yyerror("number expected");
1893                 else cfg_parser->cfg->low_rtt_pct = atoi($2);
1894                 free($2);
1895         }
1896         ;
1897 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
1898         {
1899                 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
1900                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1901                         yyerror("expected yes or no.");
1902                 else cfg_parser->cfg->qname_minimisation =
1903                         (strcmp($2, "yes")==0);
1904                 free($2);
1905         }
1906         ;
1907 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
1908         {
1909                 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
1910                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1911                         yyerror("expected yes or no.");
1912                 else cfg_parser->cfg->qname_minimisation_strict =
1913                         (strcmp($2, "yes")==0);
1914                 free($2);
1915         }
1916         ;
1917 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
1918         {
1919         #ifdef USE_IPSECMOD
1920                 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
1921                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1922                         yyerror("expected yes or no.");
1923                 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
1924                 free($2);
1925         #else
1926                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1927         #endif
1928         }
1929         ;
1930 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
1931         {
1932         #ifdef USE_IPSECMOD
1933                 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
1934                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1935                         yyerror("expected yes or no.");
1936                 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
1937                 free($2);
1938         #else
1939                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1940         #endif
1941         }
1942         ;
1943 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
1944         {
1945         #ifdef USE_IPSECMOD
1946                 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
1947                 free(cfg_parser->cfg->ipsecmod_hook);
1948                 cfg_parser->cfg->ipsecmod_hook = $2;
1949         #else
1950                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1951         #endif
1952         }
1953         ;
1954 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
1955         {
1956         #ifdef USE_IPSECMOD
1957                 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
1958                 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1959                         yyerror("number expected");
1960                 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
1961                 free($2);
1962         #else
1963                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1964         #endif
1965         }
1966         ;
1967 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
1968         {
1969         #ifdef USE_IPSECMOD
1970                 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
1971                 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
1972                         yyerror("out of memory");
1973         #else
1974                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1975         #endif
1976         }
1977         ;
1978 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
1979         {
1980         #ifdef USE_IPSECMOD
1981                 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
1982                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1983                         yyerror("expected yes or no.");
1984                 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
1985                 free($2);
1986         #else
1987                 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
1988         #endif
1989         }
1990         ;
1991 stub_name: VAR_NAME STRING_ARG
1992         {
1993                 OUTYY(("P(name:%s)\n", $2));
1994                 if(cfg_parser->cfg->stubs->name)
1995                         yyerror("stub name override, there must be one name "
1996                                 "for one stub-zone");
1997                 free(cfg_parser->cfg->stubs->name);
1998                 cfg_parser->cfg->stubs->name = $2;
1999         }
2000         ;
2001 stub_host: VAR_STUB_HOST STRING_ARG
2002         {
2003                 OUTYY(("P(stub-host:%s)\n", $2));
2004                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2005                         yyerror("out of memory");
2006         }
2007         ;
2008 stub_addr: VAR_STUB_ADDR STRING_ARG
2009         {
2010                 OUTYY(("P(stub-addr:%s)\n", $2));
2011                 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2012                         yyerror("out of memory");
2013         }
2014         ;
2015 stub_first: VAR_STUB_FIRST STRING_ARG
2016         {
2017                 OUTYY(("P(stub-first:%s)\n", $2));
2018                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2019                         yyerror("expected yes or no.");
2020                 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2021                 free($2);
2022         }
2023         ;
2024 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2025         {
2026                 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2027                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2028                         yyerror("expected yes or no.");
2029                 else cfg_parser->cfg->stubs->ssl_upstream =
2030                         (strcmp($2, "yes")==0);
2031                 free($2);
2032         }
2033         ;
2034 stub_prime: VAR_STUB_PRIME STRING_ARG
2035         {
2036                 OUTYY(("P(stub-prime:%s)\n", $2));
2037                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2038                         yyerror("expected yes or no.");
2039                 else cfg_parser->cfg->stubs->isprime =
2040                         (strcmp($2, "yes")==0);
2041                 free($2);
2042         }
2043         ;
2044 forward_name: VAR_NAME STRING_ARG
2045         {
2046                 OUTYY(("P(name:%s)\n", $2));
2047                 if(cfg_parser->cfg->forwards->name)
2048                         yyerror("forward name override, there must be one "
2049                                 "name for one forward-zone");
2050                 free(cfg_parser->cfg->forwards->name);
2051                 cfg_parser->cfg->forwards->name = $2;
2052         }
2053         ;
2054 forward_host: VAR_FORWARD_HOST STRING_ARG
2055         {
2056                 OUTYY(("P(forward-host:%s)\n", $2));
2057                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2058                         yyerror("out of memory");
2059         }
2060         ;
2061 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2062         {
2063                 OUTYY(("P(forward-addr:%s)\n", $2));
2064                 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2065                         yyerror("out of memory");
2066         }
2067         ;
2068 forward_first: VAR_FORWARD_FIRST STRING_ARG
2069         {
2070                 OUTYY(("P(forward-first:%s)\n", $2));
2071                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2072                         yyerror("expected yes or no.");
2073                 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2074                 free($2);
2075         }
2076         ;
2077 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2078         {
2079                 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2080                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2081                         yyerror("expected yes or no.");
2082                 else cfg_parser->cfg->forwards->ssl_upstream =
2083                         (strcmp($2, "yes")==0);
2084                 free($2);
2085         }
2086         ;
2087 auth_name: VAR_NAME STRING_ARG
2088         {
2089                 OUTYY(("P(name:%s)\n", $2));
2090                 if(cfg_parser->cfg->auths->name)
2091                         yyerror("auth name override, there must be one name "
2092                                 "for one auth-zone");
2093                 free(cfg_parser->cfg->auths->name);
2094                 cfg_parser->cfg->auths->name = $2;
2095         }
2096         ;
2097 auth_zonefile: VAR_ZONEFILE STRING_ARG
2098         {
2099                 OUTYY(("P(zonefile:%s)\n", $2));
2100                 free(cfg_parser->cfg->auths->zonefile);
2101                 cfg_parser->cfg->auths->zonefile = $2;
2102         }
2103         ;
2104 auth_master: VAR_MASTER STRING_ARG
2105         {
2106                 OUTYY(("P(master:%s)\n", $2));
2107                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2108                         yyerror("out of memory");
2109         }
2110         ;
2111 auth_url: VAR_URL STRING_ARG
2112         {
2113                 OUTYY(("P(url:%s)\n", $2));
2114                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2115                         yyerror("out of memory");
2116         }
2117         ;
2118 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2119         {
2120                 OUTYY(("P(allow-notify:%s)\n", $2));
2121                 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2122                         $2))
2123                         yyerror("out of memory");
2124         }
2125         ;
2126 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2127         {
2128                 OUTYY(("P(for-downstream:%s)\n", $2));
2129                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2130                         yyerror("expected yes or no.");
2131                 else cfg_parser->cfg->auths->for_downstream =
2132                         (strcmp($2, "yes")==0);
2133                 free($2);
2134         }
2135         ;
2136 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2137         {
2138                 OUTYY(("P(for-upstream:%s)\n", $2));
2139                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2140                         yyerror("expected yes or no.");
2141                 else cfg_parser->cfg->auths->for_upstream =
2142                         (strcmp($2, "yes")==0);
2143                 free($2);
2144         }
2145         ;
2146 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2147         {
2148                 OUTYY(("P(fallback-enabled:%s)\n", $2));
2149                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2150                         yyerror("expected yes or no.");
2151                 else cfg_parser->cfg->auths->fallback_enabled =
2152                         (strcmp($2, "yes")==0);
2153                 free($2);
2154         }
2155         ;
2156 view_name: VAR_NAME STRING_ARG
2157         {
2158                 OUTYY(("P(name:%s)\n", $2));
2159                 if(cfg_parser->cfg->views->name)
2160                         yyerror("view name override, there must be one "
2161                                 "name for one view");
2162                 free(cfg_parser->cfg->views->name);
2163                 cfg_parser->cfg->views->name = $2;
2164         }
2165         ;
2166 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2167         {
2168                 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2169                 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2170                    strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2171                    strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2172                    && strcmp($3, "typetransparent")!=0
2173                    && strcmp($3, "always_transparent")!=0
2174                    && strcmp($3, "always_refuse")!=0
2175                    && strcmp($3, "always_nxdomain")!=0
2176                    && strcmp($3, "noview")!=0
2177                    && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
2178                         yyerror("local-zone type: expected static, deny, "
2179                                 "refuse, redirect, transparent, "
2180                                 "typetransparent, inform, inform_deny, "
2181                                 "always_transparent, always_refuse, "
2182                                 "always_nxdomain, noview or nodefault");
2183                 else if(strcmp($3, "nodefault")==0) {
2184                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2185                                 local_zones_nodefault, $2))
2186                                 fatal_exit("out of memory adding local-zone");
2187                         free($3);
2188                 } else {
2189                         if(!cfg_str2list_insert(
2190                                 &cfg_parser->cfg->views->local_zones,
2191                                 $2, $3))
2192                                 fatal_exit("out of memory adding local-zone");
2193                 }
2194         }
2195         ;
2196 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2197         {
2198                 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2199                 validate_respip_action($3);
2200                 if(!cfg_str2list_insert(
2201                         &cfg_parser->cfg->views->respip_actions, $2, $3))
2202                         fatal_exit("out of memory adding per-view "
2203                                 "response-ip action");
2204         }
2205         ;
2206 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2207         {
2208                 OUTYY(("P(view_response_ip_data:%s)\n", $2));
2209                 if(!cfg_str2list_insert(
2210                         &cfg_parser->cfg->views->respip_data, $2, $3))
2211                         fatal_exit("out of memory adding response-ip-data");
2212         }
2213         ;
2214 view_local_data: VAR_LOCAL_DATA STRING_ARG
2215         {
2216                 OUTYY(("P(view_local_data:%s)\n", $2));
2217                 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2218                         fatal_exit("out of memory adding local-data");
2219                         free($2);
2220                 }
2221         }
2222         ;
2223 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2224         {
2225                 char* ptr;
2226                 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2227                 ptr = cfg_ptr_reverse($2);
2228                 free($2);
2229                 if(ptr) {
2230                         if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2231                                 local_data, ptr))
2232                                 fatal_exit("out of memory adding local-data");
2233                 } else {
2234                         yyerror("local-data-ptr could not be reversed");
2235                 }
2236         }
2237         ;
2238 view_first: VAR_VIEW_FIRST STRING_ARG
2239         {
2240                 OUTYY(("P(view-first:%s)\n", $2));
2241                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2242                         yyerror("expected yes or no.");
2243                 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2244                 free($2);
2245         }
2246         ;
2247 rcstart: VAR_REMOTE_CONTROL
2248         {
2249                 OUTYY(("\nP(remote-control:)\n"));
2250         }
2251         ;
2252 contents_rc: contents_rc content_rc
2253         | ;
2254 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2255         rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2256         rc_control_cert_file | rc_control_use_cert
2257         ;
2258 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2259         {
2260                 OUTYY(("P(control_enable:%s)\n", $2));
2261                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2262                         yyerror("expected yes or no.");
2263                 else cfg_parser->cfg->remote_control_enable =
2264                         (strcmp($2, "yes")==0);
2265                 free($2);
2266         }
2267         ;
2268 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2269         {
2270                 OUTYY(("P(control_port:%s)\n", $2));
2271                 if(atoi($2) == 0)
2272                         yyerror("control port number expected");
2273                 else cfg_parser->cfg->control_port = atoi($2);
2274                 free($2);
2275         }
2276         ;
2277 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2278         {
2279                 OUTYY(("P(control_interface:%s)\n", $2));
2280                 if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
2281                         yyerror("out of memory");
2282         }
2283         ;
2284 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2285         {
2286                 OUTYY(("P(control_use_cert:%s)\n", $2));
2287                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2288                         yyerror("expected yes or no.");
2289                 else cfg_parser->cfg->remote_control_use_cert =
2290                         (strcmp($2, "yes")==0);
2291                 free($2);
2292         }
2293         ;
2294 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2295         {
2296                 OUTYY(("P(rc_server_key_file:%s)\n", $2));
2297                 free(cfg_parser->cfg->server_key_file);
2298                 cfg_parser->cfg->server_key_file = $2;
2299         }
2300         ;
2301 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2302         {
2303                 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2304                 free(cfg_parser->cfg->server_cert_file);
2305                 cfg_parser->cfg->server_cert_file = $2;
2306         }
2307         ;
2308 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2309         {
2310                 OUTYY(("P(rc_control_key_file:%s)\n", $2));
2311                 free(cfg_parser->cfg->control_key_file);
2312                 cfg_parser->cfg->control_key_file = $2;
2313         }
2314         ;
2315 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2316         {
2317                 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2318                 free(cfg_parser->cfg->control_cert_file);
2319                 cfg_parser->cfg->control_cert_file = $2;
2320         }
2321         ;
2322 dtstart: VAR_DNSTAP
2323         {
2324                 OUTYY(("\nP(dnstap:)\n"));
2325         }
2326         ;
2327 contents_dt: contents_dt content_dt
2328         | ;
2329 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2330         dt_dnstap_send_identity | dt_dnstap_send_version |
2331         dt_dnstap_identity | dt_dnstap_version |
2332         dt_dnstap_log_resolver_query_messages |
2333         dt_dnstap_log_resolver_response_messages |
2334         dt_dnstap_log_client_query_messages |
2335         dt_dnstap_log_client_response_messages |
2336         dt_dnstap_log_forwarder_query_messages |
2337         dt_dnstap_log_forwarder_response_messages
2338         ;
2339 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2340         {
2341                 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2342                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2343                         yyerror("expected yes or no.");
2344                 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2345         }
2346         ;
2347 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2348         {
2349                 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2350                 free(cfg_parser->cfg->dnstap_socket_path);
2351                 cfg_parser->cfg->dnstap_socket_path = $2;
2352         }
2353         ;
2354 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2355         {
2356                 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2357                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2358                         yyerror("expected yes or no.");
2359                 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2360         }
2361         ;
2362 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2363         {
2364                 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2365                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2366                         yyerror("expected yes or no.");
2367                 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2368         }
2369         ;
2370 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2371         {
2372                 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2373                 free(cfg_parser->cfg->dnstap_identity);
2374                 cfg_parser->cfg->dnstap_identity = $2;
2375         }
2376         ;
2377 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2378         {
2379                 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2380                 free(cfg_parser->cfg->dnstap_version);
2381                 cfg_parser->cfg->dnstap_version = $2;
2382         }
2383         ;
2384 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2385         {
2386                 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2387                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2388                         yyerror("expected yes or no.");
2389                 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2390                         (strcmp($2, "yes")==0);
2391         }
2392         ;
2393 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2394         {
2395                 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2396                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2397                         yyerror("expected yes or no.");
2398                 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2399                         (strcmp($2, "yes")==0);
2400         }
2401         ;
2402 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2403         {
2404                 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2405                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2406                         yyerror("expected yes or no.");
2407                 else cfg_parser->cfg->dnstap_log_client_query_messages =
2408                         (strcmp($2, "yes")==0);
2409         }
2410         ;
2411 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2412         {
2413                 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2414                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2415                         yyerror("expected yes or no.");
2416                 else cfg_parser->cfg->dnstap_log_client_response_messages =
2417                         (strcmp($2, "yes")==0);
2418         }
2419         ;
2420 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2421         {
2422                 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2423                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2424                         yyerror("expected yes or no.");
2425                 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2426                         (strcmp($2, "yes")==0);
2427         }
2428         ;
2429 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2430         {
2431                 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2432                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2433                         yyerror("expected yes or no.");
2434                 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2435                         (strcmp($2, "yes")==0);
2436         }
2437         ;
2438 pythonstart: VAR_PYTHON
2439         {
2440                 OUTYY(("\nP(python:)\n"));
2441         }
2442         ;
2443 contents_py: contents_py content_py
2444         | ;
2445 content_py: py_script
2446         ;
2447 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2448         {
2449                 OUTYY(("P(python-script:%s)\n", $2));
2450                 free(cfg_parser->cfg->python_script);
2451                 cfg_parser->cfg->python_script = $2;
2452         }
2453 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2454         {
2455                 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2456                 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2457                         yyerror("expected yes or no.");
2458                 else cfg_parser->cfg->disable_dnssec_lame_check =
2459                         (strcmp($2, "yes")==0);
2460                 free($2);
2461         }
2462         ;
2463 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2464         {
2465                 OUTYY(("P(server_log_identity:%s)\n", $2));
2466                 free(cfg_parser->cfg->log_identity);
2467                 cfg_parser->cfg->log_identity = $2;
2468         }
2469         ;
2470 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2471         {
2472                 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2473                 validate_respip_action($3);
2474                 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2475                         $2, $3))
2476                         fatal_exit("out of memory adding response-ip");
2477         }
2478         ;
2479 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2480         {
2481                 OUTYY(("P(server_response_ip_data:%s)\n", $2));
2482                         if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2483                                 $2, $3))
2484                                 fatal_exit("out of memory adding response-ip-data");
2485         }
2486         ;
2487 dnscstart: VAR_DNSCRYPT
2488         {
2489                 OUTYY(("\nP(dnscrypt:)\n"));
2490                 OUTYY(("\nP(dnscrypt:)\n"));
2491         }
2492         ;
2493 contents_dnsc: contents_dnsc content_dnsc
2494         | ;
2495 content_dnsc:
2496         dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2497         dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2498         dnsc_dnscrypt_provider_cert_rotated |
2499         dnsc_dnscrypt_shared_secret_cache_size |
2500         dnsc_dnscrypt_shared_secret_cache_slabs |
2501         dnsc_dnscrypt_nonce_cache_size |
2502         dnsc_dnscrypt_nonce_cache_slabs
2503         ;
2504 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2505         {
2506                 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2507                 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2508                         yyerror("expected yes or no.");
2509                 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2510                 free($2);
2511         }
2512         ;
2513
2514 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2515         {
2516                 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2517
2518                 if(atoi($2) == 0)
2519                         yyerror("port number expected");
2520                 else cfg_parser->cfg->dnscrypt_port = atoi($2);
2521                 free($2);
2522         }
2523         ;
2524 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2525         {
2526                 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2527                 free(cfg_parser->cfg->dnscrypt_provider);
2528                 cfg_parser->cfg->dnscrypt_provider = $2;
2529         }
2530         ;
2531 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2532         {
2533                 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2534                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
2535                         log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
2536                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2537                         fatal_exit("out of memory adding dnscrypt-provider-cert");
2538         }
2539         ;
2540 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
2541         {
2542                 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
2543                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
2544                         fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
2545         }
2546         ;
2547 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2548         {
2549                 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2550                 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
2551                         log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
2552                 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2553                         fatal_exit("out of memory adding dnscrypt-secret-key");
2554         }
2555         ;
2556 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2557   {
2558         OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2559         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2560                 yyerror("memory size expected");
2561         free($2);
2562   }
2563   ;
2564 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2565   {
2566         OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2567         if(atoi($2) == 0)
2568                 yyerror("number expected");
2569         else {
2570                 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2571                 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2572                         yyerror("must be a power of 2");
2573         }
2574         free($2);
2575   }
2576   ;
2577 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2578   {
2579         OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2580         if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2581                 yyerror("memory size expected");
2582         free($2);
2583   }
2584   ;
2585 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2586   {
2587         OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2588         if(atoi($2) == 0)
2589                 yyerror("number expected");
2590         else {
2591                 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2592                 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2593                         yyerror("must be a power of 2");
2594         }
2595         free($2);
2596   }
2597   ;
2598 cachedbstart: VAR_CACHEDB
2599         {
2600                 OUTYY(("\nP(cachedb:)\n"));
2601         }
2602         ;
2603 contents_cachedb: contents_cachedb content_cachedb
2604         | ;
2605 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
2606         redis_server_host | redis_server_port | redis_timeout
2607         ;
2608 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
2609         {
2610         #ifdef USE_CACHEDB
2611                 OUTYY(("P(backend:%s)\n", $2));
2612                 if(cfg_parser->cfg->cachedb_backend)
2613                         yyerror("cachedb backend override, there must be one "
2614                                 "backend");
2615                 free(cfg_parser->cfg->cachedb_backend);
2616                 cfg_parser->cfg->cachedb_backend = $2;
2617         #else
2618                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2619         #endif
2620         }
2621         ;
2622 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
2623         {
2624         #ifdef USE_CACHEDB
2625                 OUTYY(("P(secret-seed:%s)\n", $2));
2626                 if(cfg_parser->cfg->cachedb_secret)
2627                         yyerror("cachedb secret-seed override, there must be "
2628                                 "only one secret");
2629                 free(cfg_parser->cfg->cachedb_secret);
2630                 cfg_parser->cfg->cachedb_secret = $2;
2631         #else
2632                 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
2633                 free($2);
2634         #endif
2635         }
2636         ;
2637 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
2638         {
2639         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2640                 OUTYY(("P(redis_server_host:%s)\n", $2));
2641                 free(cfg_parser->cfg->redis_server_host);
2642                 cfg_parser->cfg->redis_server_host = $2;
2643         #else
2644                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2645                 free($2);
2646         #endif
2647         }
2648         ;
2649 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
2650         {
2651         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2652                 int port;
2653                 OUTYY(("P(redis_server_port:%s)\n", $2));
2654                 port = atoi($2);
2655                 if(port == 0 || port < 0 || port > 65535)
2656                         yyerror("valid redis server port number expected");
2657                 else cfg_parser->cfg->redis_server_port = port;
2658         #else
2659                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2660         #endif
2661                 free($2);
2662         }
2663         ;
2664 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
2665         {
2666         #if defined(USE_CACHEDB) && defined(USE_REDIS)
2667                 OUTYY(("P(redis_timeout:%s)\n", $2));
2668                 if(atoi($2) == 0)
2669                         yyerror("redis timeout value expected");
2670                 else cfg_parser->cfg->redis_timeout = atoi($2);
2671         #else
2672                 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
2673         #endif
2674                 free($2);
2675         }
2676         ;
2677 %%
2678
2679 /* parse helper routines could be here */
2680 static void
2681 validate_respip_action(const char* action)
2682 {
2683         if(strcmp(action, "deny")!=0 &&
2684                 strcmp(action, "redirect")!=0 &&
2685                 strcmp(action, "inform")!=0 &&
2686                 strcmp(action, "inform_deny")!=0 &&
2687                 strcmp(action, "always_transparent")!=0 &&
2688                 strcmp(action, "always_refuse")!=0 &&
2689                 strcmp(action, "always_nxdomain")!=0)
2690         {
2691                 yyerror("response-ip action: expected deny, redirect, "
2692                         "inform, inform_deny, always_transparent, "
2693                         "always_refuse or always_nxdomain");
2694         }
2695 }