2 * configparser.y -- yacc grammar for unbound configuration files
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
6 * Copyright (c) 2007, NLnet Labs. All rights reserved.
8 * This software is open source.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
17 * Redistributions in binary form must reproduce the above copyright notice,
18 * this list of conditions and the following disclaimer in the documentation
19 * and/or other materials provided with the distribution.
21 * Neither the name of the NLNET LABS nor the names of its contributors may
22 * be used to endorse or promote products derived from this software without
23 * specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
31 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 #include "util/configyyrename.h"
48 #include "util/config_file.h"
49 #include "util/net_help.h"
52 void ub_c_error(const char *message);
54 static void validate_respip_action(const char* action);
56 /* these need to be global, otherwise they cannot be used inside yacc */
57 extern struct config_parser_state* cfg_parser;
60 #define OUTYY(s) printf s /* used ONLY when debugging */
70 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
71 %token <str> STRING_ARG
72 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
73 %token VAR_OUTGOING_RANGE VAR_INTERFACE
74 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
75 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
76 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
77 %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE
78 %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD
79 %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP
80 %token VAR_INFRA_HOST_TTL VAR_INFRA_LAME_TTL VAR_INFRA_CACHE_SLABS
81 %token VAR_INFRA_CACHE_NUMHOSTS VAR_INFRA_CACHE_LAME_SIZE VAR_NAME
82 %token VAR_STUB_ZONE VAR_STUB_HOST VAR_STUB_ADDR VAR_TARGET_FETCH_POLICY
83 %token VAR_HARDEN_SHORT_BUFSIZE VAR_HARDEN_LARGE_QUERIES
84 %token VAR_FORWARD_ZONE VAR_FORWARD_HOST VAR_FORWARD_ADDR
85 %token VAR_DO_NOT_QUERY_ADDRESS VAR_HIDE_IDENTITY VAR_HIDE_VERSION
86 %token VAR_IDENTITY VAR_VERSION VAR_HARDEN_GLUE VAR_MODULE_CONF
87 %token VAR_TRUST_ANCHOR_FILE VAR_TRUST_ANCHOR VAR_VAL_OVERRIDE_DATE
88 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
89 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
90 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE
91 %token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
92 %token VAR_OUTGOING_INTERFACE VAR_ROOT_HINTS VAR_DO_NOT_QUERY_LOCALHOST
93 %token VAR_CACHE_MAX_TTL VAR_HARDEN_DNSSEC_STRIPPED VAR_ACCESS_CONTROL
94 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
95 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
96 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
97 %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
98 %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
99 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
100 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
101 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
102 %token VAR_CONTROL_USE_CERT
103 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
104 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
105 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
106 %token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
107 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
108 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
109 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
110 %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
111 %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
112 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
113 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
114 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
115 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
116 %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
117 %token VAR_INFRA_CACHE_MIN_RTT
118 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
119 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
120 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
121 %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
122 %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
123 %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
124 %token VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES
125 %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
126 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
127 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
128 %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
129 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
130 %token VAR_DISABLE_DNSSEC_LAME_CHECK
131 %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
132 %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
133 %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
134 %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
135 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
136 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
137 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
138 %token VAR_MIN_CLIENT_SUBNET_IPV4 VAR_MIN_CLIENT_SUBNET_IPV6
139 %token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
140 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
141 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
142 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
143 %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
144 %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
145 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL
146 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
147 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_FAKE_DSA
148 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
149 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
150 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
151 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
152 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
153 %token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED
154 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE
155 %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS
156 %token VAR_DNSCRYPT_NONCE_CACHE_SIZE
157 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
158 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
159 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
160 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
161 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
162 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
163 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
164 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
165 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
166 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
167 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
168 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
169 %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES
170 %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
171 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
172 %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
175 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
176 toplevelvar: serverstart contents_server | stubstart contents_stub |
177 forwardstart contents_forward | pythonstart contents_py |
178 rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
179 dnscstart contents_dnsc | cachedbstart contents_cachedb |
180 ipsetstart contents_ipset | authstart contents_auth |
181 rpzstart contents_rpz
184 /* server: declaration */
185 serverstart: VAR_SERVER
187 OUTYY(("\nP(server:)\n"));
190 contents_server: contents_server content_server
192 content_server: server_num_threads | server_verbosity | server_port |
193 server_outgoing_range | server_do_ip4 |
194 server_do_ip6 | server_prefer_ip6 |
195 server_do_udp | server_do_tcp |
196 server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
197 server_tcp_keepalive | server_tcp_keepalive_timeout |
198 server_interface | server_chroot | server_username |
199 server_directory | server_logfile | server_pidfile |
200 server_msg_cache_size | server_msg_cache_slabs |
201 server_num_queries_per_thread | server_rrset_cache_size |
202 server_rrset_cache_slabs | server_outgoing_num_tcp |
203 server_infra_host_ttl | server_infra_lame_ttl |
204 server_infra_cache_slabs | server_infra_cache_numhosts |
205 server_infra_cache_lame_size | server_target_fetch_policy |
206 server_harden_short_bufsize | server_harden_large_queries |
207 server_do_not_query_address | server_hide_identity |
208 server_hide_version | server_identity | server_version |
209 server_harden_glue | server_module_conf | server_trust_anchor_file |
210 server_trust_anchor | server_val_override_date | server_bogus_ttl |
211 server_val_clean_additional | server_val_permissive_mode |
212 server_incoming_num_tcp | server_msg_buffer_size |
213 server_key_cache_size | server_key_cache_slabs |
214 server_trusted_keys_file | server_val_nsec3_keysize_iterations |
215 server_use_syslog | server_outgoing_interface | server_root_hints |
216 server_do_not_query_localhost | server_cache_max_ttl |
217 server_harden_dnssec_stripped | server_access_control |
218 server_local_zone | server_local_data | server_interface_automatic |
219 server_statistics_interval | server_do_daemonize |
220 server_use_caps_for_id | server_statistics_cumulative |
221 server_outgoing_port_permit | server_outgoing_port_avoid |
222 server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
223 server_harden_referral_path | server_private_address |
224 server_private_domain | server_extended_statistics |
225 server_local_data_ptr | server_jostle_timeout |
226 server_unwanted_reply_threshold | server_log_time_ascii |
227 server_domain_insecure | server_val_sig_skew_min |
228 server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
229 server_auto_trust_anchor_file | server_add_holddown |
230 server_del_holddown | server_keep_missing | server_so_rcvbuf |
231 server_edns_buffer_size | server_prefetch | server_prefetch_key |
232 server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
233 server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
234 server_log_local_actions |
235 server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
236 server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
237 server_so_reuseport | server_delay_close |
238 server_unblock_lan_zones | server_insecure_lan_zones |
239 server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
240 server_infra_cache_min_rtt | server_harden_algo_downgrade |
241 server_ip_transparent | server_ip_ratelimit | server_ratelimit |
242 server_ip_ratelimit_slabs | server_ratelimit_slabs |
243 server_ip_ratelimit_size | server_ratelimit_size |
244 server_ratelimit_for_domain |
245 server_ratelimit_below_domain | server_ratelimit_factor |
246 server_ip_ratelimit_factor | server_send_client_subnet |
247 server_client_subnet_zone | server_client_subnet_always_forward |
248 server_client_subnet_opcode |
249 server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
250 server_min_client_subnet_ipv4 | server_min_client_subnet_ipv6 |
251 server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
252 server_caps_whitelist | server_cache_max_negative_ttl |
253 server_permit_small_holddown | server_qname_minimisation |
254 server_ip_freebind | server_define_tag | server_local_zone_tag |
255 server_disable_dnssec_lame_check | server_access_control_tag |
256 server_local_zone_override | server_access_control_tag_action |
257 server_access_control_tag_data | server_access_control_view |
258 server_qname_minimisation_strict | server_serve_expired |
259 server_serve_expired_ttl | server_serve_expired_ttl_reset |
260 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
261 server_fake_dsa | server_log_identity | server_use_systemd |
262 server_response_ip_tag | server_response_ip | server_response_ip_data |
263 server_shm_enable | server_shm_key | server_fake_sha1 |
264 server_hide_trustanchor | server_trust_anchor_signaling |
265 server_root_key_sentinel |
266 server_ipsecmod_enabled | server_ipsecmod_hook |
267 server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
268 server_ipsecmod_whitelist | server_ipsecmod_strict |
269 server_udp_upstream_without_downstream | server_aggressive_nsec |
270 server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
271 server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
272 server_tcp_connection_limit | server_log_servfail | server_deny_any |
273 server_unknown_server_time_limit | server_log_tag_queryreply |
274 server_stream_wait_size | server_tls_ciphers |
275 server_tls_ciphersuites | server_tls_session_ticket_keys
277 stubstart: VAR_STUB_ZONE
279 struct config_stub* s;
280 OUTYY(("\nP(stub_zone:)\n"));
281 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
283 s->next = cfg_parser->cfg->stubs;
284 cfg_parser->cfg->stubs = s;
286 yyerror("out of memory");
289 contents_stub: contents_stub content_stub
291 content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first |
292 stub_no_cache | stub_ssl_upstream
294 forwardstart: VAR_FORWARD_ZONE
296 struct config_stub* s;
297 OUTYY(("\nP(forward_zone:)\n"));
298 s = (struct config_stub*)calloc(1, sizeof(struct config_stub));
300 s->next = cfg_parser->cfg->forwards;
301 cfg_parser->cfg->forwards = s;
303 yyerror("out of memory");
306 contents_forward: contents_forward content_forward
308 content_forward: forward_name | forward_host | forward_addr | forward_first |
309 forward_no_cache | forward_ssl_upstream
313 struct config_view* s;
314 OUTYY(("\nP(view:)\n"));
315 s = (struct config_view*)calloc(1, sizeof(struct config_view));
317 s->next = cfg_parser->cfg->views;
318 if(s->next && !s->next->name)
319 yyerror("view without name");
320 cfg_parser->cfg->views = s;
322 yyerror("out of memory");
325 contents_view: contents_view content_view
327 content_view: view_name | view_local_zone | view_local_data | view_first |
328 view_response_ip | view_response_ip_data | view_local_data_ptr
330 authstart: VAR_AUTH_ZONE
332 struct config_auth* s;
333 OUTYY(("\nP(auth_zone:)\n"));
334 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
336 s->next = cfg_parser->cfg->auths;
337 cfg_parser->cfg->auths = s;
338 /* defaults for auth zone */
339 s->for_downstream = 1;
341 s->fallback_enabled = 0;
344 yyerror("out of memory");
347 contents_auth: contents_auth content_auth
349 content_auth: auth_name | auth_zonefile | auth_master | auth_url |
350 auth_for_downstream | auth_for_upstream | auth_fallback_enabled |
354 rpz_tag: VAR_TAGS STRING_ARG
358 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
359 bitlist = config_parse_taglist(cfg_parser->cfg, $2,
363 yyerror("could not parse tags, (define-tag them first)");
366 cfg_parser->cfg->auths->rpz_taglist = bitlist;
367 cfg_parser->cfg->auths->rpz_taglistlen = len;
373 rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG
375 OUTYY(("P(rpz_action_override:%s)\n", $2));
376 if(strcmp($2, "nxdomain")!=0 && strcmp($2, "nodata")!=0 &&
377 strcmp($2, "passthru")!=0 && strcmp($2, "drop")!=0 &&
378 strcmp($2, "cname")!=0 && strcmp($2, "disabled")!=0) {
379 yyerror("rpz-action-override action: expected nxdomain, "
380 "nodata, passthru, drop, cname or disabled");
382 cfg_parser->cfg->auths->rpz_action_override = NULL;
385 cfg_parser->cfg->auths->rpz_action_override = $2;
390 rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG
392 OUTYY(("P(rpz_cname_override:%s)\n", $2));
393 free(cfg_parser->cfg->auths->rpz_cname);
394 cfg_parser->cfg->auths->rpz_cname = $2;
398 rpz_log: VAR_RPZ_LOG STRING_ARG
400 OUTYY(("P(rpz_log:%s)\n", $2));
401 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
402 yyerror("expected yes or no.");
403 else cfg_parser->cfg->auths->rpz_log = (strcmp($2, "yes")==0);
408 rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG
410 OUTYY(("P(rpz_log_name:%s)\n", $2));
411 free(cfg_parser->cfg->auths->rpz_log_name);
412 cfg_parser->cfg->auths->rpz_log_name = $2;
418 struct config_auth* s;
419 OUTYY(("\nP(rpz:)\n"));
420 s = (struct config_auth*)calloc(1, sizeof(struct config_auth));
422 s->next = cfg_parser->cfg->auths;
423 cfg_parser->cfg->auths = s;
424 /* defaults for RPZ auth zone */
425 s->for_downstream = 0;
427 s->fallback_enabled = 0;
430 yyerror("out of memory");
433 contents_rpz: contents_rpz content_rpz
435 content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url |
436 auth_allow_notify | rpz_action_override | rpz_cname_override |
437 rpz_log | rpz_log_name
439 server_num_threads: VAR_NUM_THREADS STRING_ARG
441 OUTYY(("P(server_num_threads:%s)\n", $2));
442 if(atoi($2) == 0 && strcmp($2, "0") != 0)
443 yyerror("number expected");
444 else cfg_parser->cfg->num_threads = atoi($2);
448 server_verbosity: VAR_VERBOSITY STRING_ARG
450 OUTYY(("P(server_verbosity:%s)\n", $2));
451 if(atoi($2) == 0 && strcmp($2, "0") != 0)
452 yyerror("number expected");
453 else cfg_parser->cfg->verbosity = atoi($2);
457 server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG
459 OUTYY(("P(server_statistics_interval:%s)\n", $2));
460 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
461 cfg_parser->cfg->stat_interval = 0;
462 else if(atoi($2) == 0)
463 yyerror("number expected");
464 else cfg_parser->cfg->stat_interval = atoi($2);
468 server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG
470 OUTYY(("P(server_statistics_cumulative:%s)\n", $2));
471 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
472 yyerror("expected yes or no.");
473 else cfg_parser->cfg->stat_cumulative = (strcmp($2, "yes")==0);
477 server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
479 OUTYY(("P(server_extended_statistics:%s)\n", $2));
480 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
481 yyerror("expected yes or no.");
482 else cfg_parser->cfg->stat_extended = (strcmp($2, "yes")==0);
486 server_shm_enable: VAR_SHM_ENABLE STRING_ARG
488 OUTYY(("P(server_shm_enable:%s)\n", $2));
489 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
490 yyerror("expected yes or no.");
491 else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0);
495 server_shm_key: VAR_SHM_KEY STRING_ARG
497 OUTYY(("P(server_shm_key:%s)\n", $2));
498 if(strcmp($2, "") == 0 || strcmp($2, "0") == 0)
499 cfg_parser->cfg->shm_key = 0;
500 else if(atoi($2) == 0)
501 yyerror("number expected");
502 else cfg_parser->cfg->shm_key = atoi($2);
506 server_port: VAR_PORT STRING_ARG
508 OUTYY(("P(server_port:%s)\n", $2));
510 yyerror("port number expected");
511 else cfg_parser->cfg->port = atoi($2);
515 server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG
518 OUTYY(("P(server_send_client_subnet:%s)\n", $2));
519 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2))
520 fatal_exit("out of memory adding client-subnet");
522 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
527 server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG
530 OUTYY(("P(server_client_subnet_zone:%s)\n", $2));
531 if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone,
533 fatal_exit("out of memory adding client-subnet-zone");
535 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
540 server_client_subnet_always_forward:
541 VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG
544 OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2));
545 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
546 yyerror("expected yes or no.");
548 cfg_parser->cfg->client_subnet_always_forward =
549 (strcmp($2, "yes")==0);
551 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
556 server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG
559 OUTYY(("P(client_subnet_opcode:%s)\n", $2));
560 OUTYY(("P(Deprecated option, ignoring)\n"));
562 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
567 server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG
570 OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2));
571 if(atoi($2) == 0 && strcmp($2, "0") != 0)
572 yyerror("IPv4 subnet length expected");
573 else if (atoi($2) > 32)
574 cfg_parser->cfg->max_client_subnet_ipv4 = 32;
575 else if (atoi($2) < 0)
576 cfg_parser->cfg->max_client_subnet_ipv4 = 0;
577 else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2);
579 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
584 server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
587 OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2));
588 if(atoi($2) == 0 && strcmp($2, "0") != 0)
589 yyerror("Ipv6 subnet length expected");
590 else if (atoi($2) > 128)
591 cfg_parser->cfg->max_client_subnet_ipv6 = 128;
592 else if (atoi($2) < 0)
593 cfg_parser->cfg->max_client_subnet_ipv6 = 0;
594 else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2);
596 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
601 server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG
604 OUTYY(("P(min_client_subnet_ipv4:%s)\n", $2));
605 if(atoi($2) == 0 && strcmp($2, "0") != 0)
606 yyerror("IPv4 subnet length expected");
607 else if (atoi($2) > 32)
608 cfg_parser->cfg->min_client_subnet_ipv4 = 32;
609 else if (atoi($2) < 0)
610 cfg_parser->cfg->min_client_subnet_ipv4 = 0;
611 else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi($2);
613 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
618 server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG
621 OUTYY(("P(min_client_subnet_ipv6:%s)\n", $2));
622 if(atoi($2) == 0 && strcmp($2, "0") != 0)
623 yyerror("Ipv6 subnet length expected");
624 else if (atoi($2) > 128)
625 cfg_parser->cfg->min_client_subnet_ipv6 = 128;
626 else if (atoi($2) < 0)
627 cfg_parser->cfg->min_client_subnet_ipv6 = 0;
628 else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi($2);
630 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
635 server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
638 OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
639 if(atoi($2) == 0 && strcmp($2, "0") != 0)
640 yyerror("IPv4 ECS tree size expected");
641 else if (atoi($2) < 0)
642 cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
643 else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
645 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
650 server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
653 OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
654 if(atoi($2) == 0 && strcmp($2, "0") != 0)
655 yyerror("IPv6 ECS tree size expected");
656 else if (atoi($2) < 0)
657 cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
658 else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
660 OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
665 server_interface: VAR_INTERFACE STRING_ARG
667 OUTYY(("P(server_interface:%s)\n", $2));
668 if(cfg_parser->cfg->num_ifs == 0)
669 cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
670 else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
671 (cfg_parser->cfg->num_ifs+1)*sizeof(char*));
672 if(!cfg_parser->cfg->ifs)
673 yyerror("out of memory");
675 cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
678 server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG
680 OUTYY(("P(server_outgoing_interface:%s)\n", $2));
681 if(cfg_parser->cfg->num_out_ifs == 0)
682 cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
683 else cfg_parser->cfg->out_ifs = realloc(
684 cfg_parser->cfg->out_ifs,
685 (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
686 if(!cfg_parser->cfg->out_ifs)
687 yyerror("out of memory");
689 cfg_parser->cfg->out_ifs[
690 cfg_parser->cfg->num_out_ifs++] = $2;
693 server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG
695 OUTYY(("P(server_outgoing_range:%s)\n", $2));
697 yyerror("number expected");
698 else cfg_parser->cfg->outgoing_num_ports = atoi($2);
702 server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG
704 OUTYY(("P(server_outgoing_port_permit:%s)\n", $2));
705 if(!cfg_mark_ports($2, 1,
706 cfg_parser->cfg->outgoing_avail_ports, 65536))
707 yyerror("port number or range (\"low-high\") expected");
711 server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG
713 OUTYY(("P(server_outgoing_port_avoid:%s)\n", $2));
714 if(!cfg_mark_ports($2, 0,
715 cfg_parser->cfg->outgoing_avail_ports, 65536))
716 yyerror("port number or range (\"low-high\") expected");
720 server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG
722 OUTYY(("P(server_outgoing_num_tcp:%s)\n", $2));
723 if(atoi($2) == 0 && strcmp($2, "0") != 0)
724 yyerror("number expected");
725 else cfg_parser->cfg->outgoing_num_tcp = atoi($2);
729 server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG
731 OUTYY(("P(server_incoming_num_tcp:%s)\n", $2));
732 if(atoi($2) == 0 && strcmp($2, "0") != 0)
733 yyerror("number expected");
734 else cfg_parser->cfg->incoming_num_tcp = atoi($2);
738 server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG
740 OUTYY(("P(server_interface_automatic:%s)\n", $2));
741 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
742 yyerror("expected yes or no.");
743 else cfg_parser->cfg->if_automatic = (strcmp($2, "yes")==0);
747 server_do_ip4: VAR_DO_IP4 STRING_ARG
749 OUTYY(("P(server_do_ip4:%s)\n", $2));
750 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
751 yyerror("expected yes or no.");
752 else cfg_parser->cfg->do_ip4 = (strcmp($2, "yes")==0);
756 server_do_ip6: VAR_DO_IP6 STRING_ARG
758 OUTYY(("P(server_do_ip6:%s)\n", $2));
759 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
760 yyerror("expected yes or no.");
761 else cfg_parser->cfg->do_ip6 = (strcmp($2, "yes")==0);
765 server_do_udp: VAR_DO_UDP STRING_ARG
767 OUTYY(("P(server_do_udp:%s)\n", $2));
768 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
769 yyerror("expected yes or no.");
770 else cfg_parser->cfg->do_udp = (strcmp($2, "yes")==0);
774 server_do_tcp: VAR_DO_TCP STRING_ARG
776 OUTYY(("P(server_do_tcp:%s)\n", $2));
777 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
778 yyerror("expected yes or no.");
779 else cfg_parser->cfg->do_tcp = (strcmp($2, "yes")==0);
783 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
785 OUTYY(("P(server_prefer_ip6:%s)\n", $2));
786 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
787 yyerror("expected yes or no.");
788 else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0);
792 server_tcp_mss: VAR_TCP_MSS STRING_ARG
794 OUTYY(("P(server_tcp_mss:%s)\n", $2));
795 if(atoi($2) == 0 && strcmp($2, "0") != 0)
796 yyerror("number expected");
797 else cfg_parser->cfg->tcp_mss = atoi($2);
801 server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG
803 OUTYY(("P(server_outgoing_tcp_mss:%s)\n", $2));
804 if(atoi($2) == 0 && strcmp($2, "0") != 0)
805 yyerror("number expected");
806 else cfg_parser->cfg->outgoing_tcp_mss = atoi($2);
810 server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG
812 OUTYY(("P(server_tcp_idle_timeout:%s)\n", $2));
813 if(atoi($2) == 0 && strcmp($2, "0") != 0)
814 yyerror("number expected");
815 else if (atoi($2) > 120000)
816 cfg_parser->cfg->tcp_idle_timeout = 120000;
817 else if (atoi($2) < 1)
818 cfg_parser->cfg->tcp_idle_timeout = 1;
819 else cfg_parser->cfg->tcp_idle_timeout = atoi($2);
823 server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG
825 OUTYY(("P(server_tcp_keepalive:%s)\n", $2));
826 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
827 yyerror("expected yes or no.");
828 else cfg_parser->cfg->do_tcp_keepalive = (strcmp($2, "yes")==0);
832 server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG
834 OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", $2));
835 if(atoi($2) == 0 && strcmp($2, "0") != 0)
836 yyerror("number expected");
837 else if (atoi($2) > 6553500)
838 cfg_parser->cfg->tcp_keepalive_timeout = 6553500;
839 else if (atoi($2) < 1)
840 cfg_parser->cfg->tcp_keepalive_timeout = 0;
841 else cfg_parser->cfg->tcp_keepalive_timeout = atoi($2);
845 server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
847 OUTYY(("P(server_tcp_upstream:%s)\n", $2));
848 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
849 yyerror("expected yes or no.");
850 else cfg_parser->cfg->tcp_upstream = (strcmp($2, "yes")==0);
854 server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
856 OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
857 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
858 yyerror("expected yes or no.");
859 else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
863 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
865 OUTYY(("P(server_ssl_upstream:%s)\n", $2));
866 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
867 yyerror("expected yes or no.");
868 else cfg_parser->cfg->ssl_upstream = (strcmp($2, "yes")==0);
872 server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG
874 OUTYY(("P(server_ssl_service_key:%s)\n", $2));
875 free(cfg_parser->cfg->ssl_service_key);
876 cfg_parser->cfg->ssl_service_key = $2;
879 server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG
881 OUTYY(("P(server_ssl_service_pem:%s)\n", $2));
882 free(cfg_parser->cfg->ssl_service_pem);
883 cfg_parser->cfg->ssl_service_pem = $2;
886 server_ssl_port: VAR_SSL_PORT STRING_ARG
888 OUTYY(("P(server_ssl_port:%s)\n", $2));
890 yyerror("port number expected");
891 else cfg_parser->cfg->ssl_port = atoi($2);
895 server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG
897 OUTYY(("P(server_tls_cert_bundle:%s)\n", $2));
898 free(cfg_parser->cfg->tls_cert_bundle);
899 cfg_parser->cfg->tls_cert_bundle = $2;
902 server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
904 OUTYY(("P(server_tls_win_cert:%s)\n", $2));
905 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
906 yyerror("expected yes or no.");
907 else cfg_parser->cfg->tls_win_cert = (strcmp($2, "yes")==0);
911 server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
913 OUTYY(("P(server_tls_additional_port:%s)\n", $2));
914 if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
916 yyerror("out of memory");
919 server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG
921 OUTYY(("P(server_tls_ciphers:%s)\n", $2));
922 free(cfg_parser->cfg->tls_ciphers);
923 cfg_parser->cfg->tls_ciphers = $2;
926 server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
928 OUTYY(("P(server_tls_ciphersuites:%s)\n", $2));
929 free(cfg_parser->cfg->tls_ciphersuites);
930 cfg_parser->cfg->tls_ciphersuites = $2;
933 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
935 OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
936 if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
938 yyerror("out of memory");
941 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
943 OUTYY(("P(server_use_systemd:%s)\n", $2));
944 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
945 yyerror("expected yes or no.");
946 else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
950 server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
952 OUTYY(("P(server_do_daemonize:%s)\n", $2));
953 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
954 yyerror("expected yes or no.");
955 else cfg_parser->cfg->do_daemonize = (strcmp($2, "yes")==0);
959 server_use_syslog: VAR_USE_SYSLOG STRING_ARG
961 OUTYY(("P(server_use_syslog:%s)\n", $2));
962 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
963 yyerror("expected yes or no.");
964 else cfg_parser->cfg->use_syslog = (strcmp($2, "yes")==0);
965 #if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS)
966 if(strcmp($2, "yes") == 0)
967 yyerror("no syslog services are available. "
968 "(reconfigure and compile to add)");
973 server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG
975 OUTYY(("P(server_log_time_ascii:%s)\n", $2));
976 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
977 yyerror("expected yes or no.");
978 else cfg_parser->cfg->log_time_ascii = (strcmp($2, "yes")==0);
982 server_log_queries: VAR_LOG_QUERIES STRING_ARG
984 OUTYY(("P(server_log_queries:%s)\n", $2));
985 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
986 yyerror("expected yes or no.");
987 else cfg_parser->cfg->log_queries = (strcmp($2, "yes")==0);
991 server_log_replies: VAR_LOG_REPLIES STRING_ARG
993 OUTYY(("P(server_log_replies:%s)\n", $2));
994 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
995 yyerror("expected yes or no.");
996 else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
1000 server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG
1002 OUTYY(("P(server_log_tag_queryreply:%s)\n", $2));
1003 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1004 yyerror("expected yes or no.");
1005 else cfg_parser->cfg->log_tag_queryreply = (strcmp($2, "yes")==0);
1009 server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG
1011 OUTYY(("P(server_log_servfail:%s)\n", $2));
1012 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1013 yyerror("expected yes or no.");
1014 else cfg_parser->cfg->log_servfail = (strcmp($2, "yes")==0);
1018 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
1020 OUTYY(("P(server_log_local_actions:%s)\n", $2));
1021 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1022 yyerror("expected yes or no.");
1023 else cfg_parser->cfg->log_local_actions = (strcmp($2, "yes")==0);
1027 server_chroot: VAR_CHROOT STRING_ARG
1029 OUTYY(("P(server_chroot:%s)\n", $2));
1030 free(cfg_parser->cfg->chrootdir);
1031 cfg_parser->cfg->chrootdir = $2;
1034 server_username: VAR_USERNAME STRING_ARG
1036 OUTYY(("P(server_username:%s)\n", $2));
1037 free(cfg_parser->cfg->username);
1038 cfg_parser->cfg->username = $2;
1041 server_directory: VAR_DIRECTORY STRING_ARG
1043 OUTYY(("P(server_directory:%s)\n", $2));
1044 free(cfg_parser->cfg->directory);
1045 cfg_parser->cfg->directory = $2;
1046 /* change there right away for includes relative to this */
1049 #ifdef UB_ON_WINDOWS
1050 w_config_adjust_directory(cfg_parser->cfg);
1052 d = cfg_parser->cfg->directory;
1053 /* adjust directory if we have already chroot,
1054 * like, we reread after sighup */
1055 if(cfg_parser->chroot && cfg_parser->chroot[0] &&
1056 strncmp(d, cfg_parser->chroot, strlen(
1057 cfg_parser->chroot)) == 0)
1058 d += strlen(cfg_parser->chroot);
1061 log_err("cannot chdir to directory: %s (%s)",
1062 d, strerror(errno));
1067 server_logfile: VAR_LOGFILE STRING_ARG
1069 OUTYY(("P(server_logfile:%s)\n", $2));
1070 free(cfg_parser->cfg->logfile);
1071 cfg_parser->cfg->logfile = $2;
1072 cfg_parser->cfg->use_syslog = 0;
1075 server_pidfile: VAR_PIDFILE STRING_ARG
1077 OUTYY(("P(server_pidfile:%s)\n", $2));
1078 free(cfg_parser->cfg->pidfile);
1079 cfg_parser->cfg->pidfile = $2;
1082 server_root_hints: VAR_ROOT_HINTS STRING_ARG
1084 OUTYY(("P(server_root_hints:%s)\n", $2));
1085 if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, $2))
1086 yyerror("out of memory");
1089 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG
1091 OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
1092 free(cfg_parser->cfg->dlv_anchor_file);
1093 cfg_parser->cfg->dlv_anchor_file = $2;
1096 server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG
1098 OUTYY(("P(server_dlv_anchor:%s)\n", $2));
1099 if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
1100 yyerror("out of memory");
1103 server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG
1105 OUTYY(("P(server_auto_trust_anchor_file:%s)\n", $2));
1106 if(!cfg_strlist_insert(&cfg_parser->cfg->
1107 auto_trust_anchor_file_list, $2))
1108 yyerror("out of memory");
1111 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG
1113 OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
1114 if(!cfg_strlist_insert(&cfg_parser->cfg->
1115 trust_anchor_file_list, $2))
1116 yyerror("out of memory");
1119 server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG
1121 OUTYY(("P(server_trusted_keys_file:%s)\n", $2));
1122 if(!cfg_strlist_insert(&cfg_parser->cfg->
1123 trusted_keys_file_list, $2))
1124 yyerror("out of memory");
1127 server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG
1129 OUTYY(("P(server_trust_anchor:%s)\n", $2));
1130 if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, $2))
1131 yyerror("out of memory");
1134 server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG
1136 OUTYY(("P(server_trust_anchor_signaling:%s)\n", $2));
1137 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1138 yyerror("expected yes or no.");
1140 cfg_parser->cfg->trust_anchor_signaling =
1141 (strcmp($2, "yes")==0);
1145 server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG
1147 OUTYY(("P(server_root_key_sentinel:%s)\n", $2));
1148 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1149 yyerror("expected yes or no.");
1151 cfg_parser->cfg->root_key_sentinel =
1152 (strcmp($2, "yes")==0);
1156 server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG
1158 OUTYY(("P(server_domain_insecure:%s)\n", $2));
1159 if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, $2))
1160 yyerror("out of memory");
1163 server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG
1165 OUTYY(("P(server_hide_identity:%s)\n", $2));
1166 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1167 yyerror("expected yes or no.");
1168 else cfg_parser->cfg->hide_identity = (strcmp($2, "yes")==0);
1172 server_hide_version: VAR_HIDE_VERSION STRING_ARG
1174 OUTYY(("P(server_hide_version:%s)\n", $2));
1175 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1176 yyerror("expected yes or no.");
1177 else cfg_parser->cfg->hide_version = (strcmp($2, "yes")==0);
1181 server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
1183 OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
1184 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1185 yyerror("expected yes or no.");
1186 else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
1190 server_identity: VAR_IDENTITY STRING_ARG
1192 OUTYY(("P(server_identity:%s)\n", $2));
1193 free(cfg_parser->cfg->identity);
1194 cfg_parser->cfg->identity = $2;
1197 server_version: VAR_VERSION STRING_ARG
1199 OUTYY(("P(server_version:%s)\n", $2));
1200 free(cfg_parser->cfg->version);
1201 cfg_parser->cfg->version = $2;
1204 server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG
1206 OUTYY(("P(server_so_rcvbuf:%s)\n", $2));
1207 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_rcvbuf))
1208 yyerror("buffer size expected");
1212 server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG
1214 OUTYY(("P(server_so_sndbuf:%s)\n", $2));
1215 if(!cfg_parse_memsize($2, &cfg_parser->cfg->so_sndbuf))
1216 yyerror("buffer size expected");
1220 server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG
1222 OUTYY(("P(server_so_reuseport:%s)\n", $2));
1223 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1224 yyerror("expected yes or no.");
1225 else cfg_parser->cfg->so_reuseport =
1226 (strcmp($2, "yes")==0);
1230 server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG
1232 OUTYY(("P(server_ip_transparent:%s)\n", $2));
1233 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1234 yyerror("expected yes or no.");
1235 else cfg_parser->cfg->ip_transparent =
1236 (strcmp($2, "yes")==0);
1240 server_ip_freebind: VAR_IP_FREEBIND STRING_ARG
1242 OUTYY(("P(server_ip_freebind:%s)\n", $2));
1243 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1244 yyerror("expected yes or no.");
1245 else cfg_parser->cfg->ip_freebind =
1246 (strcmp($2, "yes")==0);
1250 server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG
1252 OUTYY(("P(server_stream_wait_size:%s)\n", $2));
1253 if(!cfg_parse_memsize($2, &cfg_parser->cfg->stream_wait_size))
1254 yyerror("memory size expected");
1258 server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG
1260 OUTYY(("P(server_edns_buffer_size:%s)\n", $2));
1262 yyerror("number expected");
1263 else if (atoi($2) < 12)
1264 yyerror("edns buffer size too small");
1265 else if (atoi($2) > 65535)
1266 cfg_parser->cfg->edns_buffer_size = 65535;
1267 else cfg_parser->cfg->edns_buffer_size = atoi($2);
1271 server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG
1273 OUTYY(("P(server_msg_buffer_size:%s)\n", $2));
1275 yyerror("number expected");
1276 else if (atoi($2) < 4096)
1277 yyerror("message buffer size too small (use 4096)");
1278 else cfg_parser->cfg->msg_buffer_size = atoi($2);
1282 server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG
1284 OUTYY(("P(server_msg_cache_size:%s)\n", $2));
1285 if(!cfg_parse_memsize($2, &cfg_parser->cfg->msg_cache_size))
1286 yyerror("memory size expected");
1290 server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG
1292 OUTYY(("P(server_msg_cache_slabs:%s)\n", $2));
1294 yyerror("number expected");
1296 cfg_parser->cfg->msg_cache_slabs = atoi($2);
1297 if(!is_pow2(cfg_parser->cfg->msg_cache_slabs))
1298 yyerror("must be a power of 2");
1303 server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG
1305 OUTYY(("P(server_num_queries_per_thread:%s)\n", $2));
1307 yyerror("number expected");
1308 else cfg_parser->cfg->num_queries_per_thread = atoi($2);
1312 server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG
1314 OUTYY(("P(server_jostle_timeout:%s)\n", $2));
1315 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1316 yyerror("number expected");
1317 else cfg_parser->cfg->jostle_time = atoi($2);
1321 server_delay_close: VAR_DELAY_CLOSE STRING_ARG
1323 OUTYY(("P(server_delay_close:%s)\n", $2));
1324 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1325 yyerror("number expected");
1326 else cfg_parser->cfg->delay_close = atoi($2);
1330 server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
1332 OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
1333 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1334 yyerror("expected yes or no.");
1335 else cfg_parser->cfg->unblock_lan_zones =
1336 (strcmp($2, "yes")==0);
1340 server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
1342 OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
1343 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1344 yyerror("expected yes or no.");
1345 else cfg_parser->cfg->insecure_lan_zones =
1346 (strcmp($2, "yes")==0);
1350 server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
1352 OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
1353 if(!cfg_parse_memsize($2, &cfg_parser->cfg->rrset_cache_size))
1354 yyerror("memory size expected");
1358 server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG
1360 OUTYY(("P(server_rrset_cache_slabs:%s)\n", $2));
1362 yyerror("number expected");
1364 cfg_parser->cfg->rrset_cache_slabs = atoi($2);
1365 if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs))
1366 yyerror("must be a power of 2");
1371 server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG
1373 OUTYY(("P(server_infra_host_ttl:%s)\n", $2));
1374 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1375 yyerror("number expected");
1376 else cfg_parser->cfg->host_ttl = atoi($2);
1380 server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG
1382 OUTYY(("P(server_infra_lame_ttl:%s)\n", $2));
1383 verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
1384 "removed, use infra-host-ttl)", $2);
1388 server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG
1390 OUTYY(("P(server_infra_cache_numhosts:%s)\n", $2));
1392 yyerror("number expected");
1393 else cfg_parser->cfg->infra_cache_numhosts = atoi($2);
1397 server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG
1399 OUTYY(("P(server_infra_cache_lame_size:%s)\n", $2));
1400 verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
1401 "(option removed, use infra-cache-numhosts)", $2);
1405 server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
1407 OUTYY(("P(server_infra_cache_slabs:%s)\n", $2));
1409 yyerror("number expected");
1411 cfg_parser->cfg->infra_cache_slabs = atoi($2);
1412 if(!is_pow2(cfg_parser->cfg->infra_cache_slabs))
1413 yyerror("must be a power of 2");
1418 server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
1420 OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
1421 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1422 yyerror("number expected");
1423 else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
1427 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
1429 OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
1430 free(cfg_parser->cfg->target_fetch_policy);
1431 cfg_parser->cfg->target_fetch_policy = $2;
1434 server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG
1436 OUTYY(("P(server_harden_short_bufsize:%s)\n", $2));
1437 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1438 yyerror("expected yes or no.");
1439 else cfg_parser->cfg->harden_short_bufsize =
1440 (strcmp($2, "yes")==0);
1444 server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG
1446 OUTYY(("P(server_harden_large_queries:%s)\n", $2));
1447 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1448 yyerror("expected yes or no.");
1449 else cfg_parser->cfg->harden_large_queries =
1450 (strcmp($2, "yes")==0);
1454 server_harden_glue: VAR_HARDEN_GLUE STRING_ARG
1456 OUTYY(("P(server_harden_glue:%s)\n", $2));
1457 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1458 yyerror("expected yes or no.");
1459 else cfg_parser->cfg->harden_glue =
1460 (strcmp($2, "yes")==0);
1464 server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG
1466 OUTYY(("P(server_harden_dnssec_stripped:%s)\n", $2));
1467 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1468 yyerror("expected yes or no.");
1469 else cfg_parser->cfg->harden_dnssec_stripped =
1470 (strcmp($2, "yes")==0);
1474 server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG
1476 OUTYY(("P(server_harden_below_nxdomain:%s)\n", $2));
1477 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1478 yyerror("expected yes or no.");
1479 else cfg_parser->cfg->harden_below_nxdomain =
1480 (strcmp($2, "yes")==0);
1484 server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG
1486 OUTYY(("P(server_harden_referral_path:%s)\n", $2));
1487 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1488 yyerror("expected yes or no.");
1489 else cfg_parser->cfg->harden_referral_path =
1490 (strcmp($2, "yes")==0);
1494 server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG
1496 OUTYY(("P(server_harden_algo_downgrade:%s)\n", $2));
1497 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1498 yyerror("expected yes or no.");
1499 else cfg_parser->cfg->harden_algo_downgrade =
1500 (strcmp($2, "yes")==0);
1504 server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
1506 OUTYY(("P(server_use_caps_for_id:%s)\n", $2));
1507 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1508 yyerror("expected yes or no.");
1509 else cfg_parser->cfg->use_caps_bits_for_id =
1510 (strcmp($2, "yes")==0);
1514 server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
1516 OUTYY(("P(server_caps_whitelist:%s)\n", $2));
1517 if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
1518 yyerror("out of memory");
1521 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
1523 OUTYY(("P(server_private_address:%s)\n", $2));
1524 if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, $2))
1525 yyerror("out of memory");
1528 server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG
1530 OUTYY(("P(server_private_domain:%s)\n", $2));
1531 if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, $2))
1532 yyerror("out of memory");
1535 server_prefetch: VAR_PREFETCH STRING_ARG
1537 OUTYY(("P(server_prefetch:%s)\n", $2));
1538 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1539 yyerror("expected yes or no.");
1540 else cfg_parser->cfg->prefetch = (strcmp($2, "yes")==0);
1544 server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG
1546 OUTYY(("P(server_prefetch_key:%s)\n", $2));
1547 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1548 yyerror("expected yes or no.");
1549 else cfg_parser->cfg->prefetch_key = (strcmp($2, "yes")==0);
1553 server_deny_any: VAR_DENY_ANY STRING_ARG
1555 OUTYY(("P(server_deny_any:%s)\n", $2));
1556 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1557 yyerror("expected yes or no.");
1558 else cfg_parser->cfg->deny_any = (strcmp($2, "yes")==0);
1562 server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
1564 OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
1565 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1566 yyerror("number expected");
1567 else cfg_parser->cfg->unwanted_threshold = atoi($2);
1571 server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG
1573 OUTYY(("P(server_do_not_query_address:%s)\n", $2));
1574 if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, $2))
1575 yyerror("out of memory");
1578 server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG
1580 OUTYY(("P(server_do_not_query_localhost:%s)\n", $2));
1581 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1582 yyerror("expected yes or no.");
1583 else cfg_parser->cfg->donotquery_localhost =
1584 (strcmp($2, "yes")==0);
1588 server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG
1590 OUTYY(("P(server_access_control:%s %s)\n", $2, $3));
1591 if(strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 &&
1592 strcmp($3, "deny_non_local")!=0 &&
1593 strcmp($3, "refuse_non_local")!=0 &&
1594 strcmp($3, "allow_setrd")!=0 &&
1595 strcmp($3, "allow")!=0 &&
1596 strcmp($3, "allow_snoop")!=0) {
1597 yyerror("expected deny, refuse, deny_non_local, "
1598 "refuse_non_local, allow, allow_setrd or "
1599 "allow_snoop in access control action");
1603 if(!cfg_str2list_insert(&cfg_parser->cfg->acls, $2, $3))
1604 fatal_exit("out of memory adding acl");
1608 server_module_conf: VAR_MODULE_CONF STRING_ARG
1610 OUTYY(("P(server_module_conf:%s)\n", $2));
1611 free(cfg_parser->cfg->module_conf);
1612 cfg_parser->cfg->module_conf = $2;
1615 server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG
1617 OUTYY(("P(server_val_override_date:%s)\n", $2));
1618 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1619 cfg_parser->cfg->val_date_override = 0;
1620 } else if(strlen($2) == 14) {
1621 cfg_parser->cfg->val_date_override =
1622 cfg_convert_timeval($2);
1623 if(!cfg_parser->cfg->val_date_override)
1624 yyerror("bad date/time specification");
1627 yyerror("number expected");
1628 cfg_parser->cfg->val_date_override = atoi($2);
1633 server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG
1635 OUTYY(("P(server_val_sig_skew_min:%s)\n", $2));
1636 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1637 cfg_parser->cfg->val_sig_skew_min = 0;
1639 cfg_parser->cfg->val_sig_skew_min = atoi($2);
1640 if(!cfg_parser->cfg->val_sig_skew_min)
1641 yyerror("number expected");
1646 server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
1648 OUTYY(("P(server_val_sig_skew_max:%s)\n", $2));
1649 if(*$2 == '\0' || strcmp($2, "0") == 0) {
1650 cfg_parser->cfg->val_sig_skew_max = 0;
1652 cfg_parser->cfg->val_sig_skew_max = atoi($2);
1653 if(!cfg_parser->cfg->val_sig_skew_max)
1654 yyerror("number expected");
1659 server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
1661 OUTYY(("P(server_cache_max_ttl:%s)\n", $2));
1662 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1663 yyerror("number expected");
1664 else cfg_parser->cfg->max_ttl = atoi($2);
1668 server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
1670 OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
1671 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1672 yyerror("number expected");
1673 else cfg_parser->cfg->max_negative_ttl = atoi($2);
1677 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
1679 OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
1680 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1681 yyerror("number expected");
1682 else cfg_parser->cfg->min_ttl = atoi($2);
1686 server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG
1688 OUTYY(("P(server_bogus_ttl:%s)\n", $2));
1689 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1690 yyerror("number expected");
1691 else cfg_parser->cfg->bogus_ttl = atoi($2);
1695 server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG
1697 OUTYY(("P(server_val_clean_additional:%s)\n", $2));
1698 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1699 yyerror("expected yes or no.");
1700 else cfg_parser->cfg->val_clean_additional =
1701 (strcmp($2, "yes")==0);
1705 server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG
1707 OUTYY(("P(server_val_permissive_mode:%s)\n", $2));
1708 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1709 yyerror("expected yes or no.");
1710 else cfg_parser->cfg->val_permissive_mode =
1711 (strcmp($2, "yes")==0);
1715 server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG
1717 OUTYY(("P(server_aggressive_nsec:%s)\n", $2));
1718 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1719 yyerror("expected yes or no.");
1721 cfg_parser->cfg->aggressive_nsec =
1722 (strcmp($2, "yes")==0);
1726 server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG
1728 OUTYY(("P(server_ignore_cd_flag:%s)\n", $2));
1729 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1730 yyerror("expected yes or no.");
1731 else cfg_parser->cfg->ignore_cd = (strcmp($2, "yes")==0);
1735 server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG
1737 OUTYY(("P(server_serve_expired:%s)\n", $2));
1738 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1739 yyerror("expected yes or no.");
1740 else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0);
1744 server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG
1746 OUTYY(("P(server_serve_expired_ttl:%s)\n", $2));
1747 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1748 yyerror("number expected");
1749 else cfg_parser->cfg->serve_expired_ttl = atoi($2);
1753 server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG
1755 OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", $2));
1756 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1757 yyerror("expected yes or no.");
1758 else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp($2, "yes")==0);
1762 server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG
1764 OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", $2));
1765 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1766 yyerror("number expected");
1767 else cfg_parser->cfg->serve_expired_reply_ttl = atoi($2);
1771 server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG
1773 OUTYY(("P(server_serve_expired_client_timeout:%s)\n", $2));
1774 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1775 yyerror("number expected");
1776 else cfg_parser->cfg->serve_expired_client_timeout = atoi($2);
1780 server_fake_dsa: VAR_FAKE_DSA STRING_ARG
1782 OUTYY(("P(server_fake_dsa:%s)\n", $2));
1783 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1784 yyerror("expected yes or no.");
1785 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1786 else fake_dsa = (strcmp($2, "yes")==0);
1788 log_warn("test option fake_dsa is enabled");
1793 server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
1795 OUTYY(("P(server_fake_sha1:%s)\n", $2));
1796 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1797 yyerror("expected yes or no.");
1798 #if defined(HAVE_SSL) || defined(HAVE_NETTLE)
1799 else fake_sha1 = (strcmp($2, "yes")==0);
1801 log_warn("test option fake_sha1 is enabled");
1806 server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG
1808 OUTYY(("P(server_val_log_level:%s)\n", $2));
1809 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1810 yyerror("number expected");
1811 else cfg_parser->cfg->val_log_level = atoi($2);
1815 server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG
1817 OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", $2));
1818 free(cfg_parser->cfg->val_nsec3_key_iterations);
1819 cfg_parser->cfg->val_nsec3_key_iterations = $2;
1822 server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG
1824 OUTYY(("P(server_add_holddown:%s)\n", $2));
1825 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1826 yyerror("number expected");
1827 else cfg_parser->cfg->add_holddown = atoi($2);
1831 server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG
1833 OUTYY(("P(server_del_holddown:%s)\n", $2));
1834 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1835 yyerror("number expected");
1836 else cfg_parser->cfg->del_holddown = atoi($2);
1840 server_keep_missing: VAR_KEEP_MISSING STRING_ARG
1842 OUTYY(("P(server_keep_missing:%s)\n", $2));
1843 if(atoi($2) == 0 && strcmp($2, "0") != 0)
1844 yyerror("number expected");
1845 else cfg_parser->cfg->keep_missing = atoi($2);
1849 server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
1851 OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
1852 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1853 yyerror("expected yes or no.");
1854 else cfg_parser->cfg->permit_small_holddown =
1855 (strcmp($2, "yes")==0);
1858 server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
1860 OUTYY(("P(server_key_cache_size:%s)\n", $2));
1861 if(!cfg_parse_memsize($2, &cfg_parser->cfg->key_cache_size))
1862 yyerror("memory size expected");
1866 server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG
1868 OUTYY(("P(server_key_cache_slabs:%s)\n", $2));
1870 yyerror("number expected");
1872 cfg_parser->cfg->key_cache_slabs = atoi($2);
1873 if(!is_pow2(cfg_parser->cfg->key_cache_slabs))
1874 yyerror("must be a power of 2");
1879 server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG
1881 OUTYY(("P(server_neg_cache_size:%s)\n", $2));
1882 if(!cfg_parse_memsize($2, &cfg_parser->cfg->neg_cache_size))
1883 yyerror("memory size expected");
1887 server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
1889 OUTYY(("P(server_local_zone:%s %s)\n", $2, $3));
1890 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
1891 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
1892 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
1893 && strcmp($3, "typetransparent")!=0
1894 && strcmp($3, "always_transparent")!=0
1895 && strcmp($3, "always_refuse")!=0
1896 && strcmp($3, "always_nxdomain")!=0
1897 && strcmp($3, "noview")!=0
1898 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0
1899 && strcmp($3, "inform_redirect") != 0
1900 && strcmp($3, "ipset") != 0) {
1901 yyerror("local-zone type: expected static, deny, "
1902 "refuse, redirect, transparent, "
1903 "typetransparent, inform, inform_deny, "
1904 "inform_redirect, always_transparent, "
1905 "always_refuse, always_nxdomain, noview "
1906 ", nodefault or ipset");
1909 } else if(strcmp($3, "nodefault")==0) {
1910 if(!cfg_strlist_insert(&cfg_parser->cfg->
1911 local_zones_nodefault, $2))
1912 fatal_exit("out of memory adding local-zone");
1915 } else if(strcmp($3, "ipset")==0) {
1916 if(!cfg_strlist_insert(&cfg_parser->cfg->
1917 local_zones_ipset, $2))
1918 fatal_exit("out of memory adding local-zone");
1922 if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones,
1924 fatal_exit("out of memory adding local-zone");
1928 server_local_data: VAR_LOCAL_DATA STRING_ARG
1930 OUTYY(("P(server_local_data:%s)\n", $2));
1931 if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, $2))
1932 fatal_exit("out of memory adding local-data");
1935 server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
1938 OUTYY(("P(server_local_data_ptr:%s)\n", $2));
1939 ptr = cfg_ptr_reverse($2);
1942 if(!cfg_strlist_insert(&cfg_parser->cfg->
1944 fatal_exit("out of memory adding local-data");
1946 yyerror("local-data-ptr could not be reversed");
1950 server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG
1952 OUTYY(("P(server_minimal_responses:%s)\n", $2));
1953 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1954 yyerror("expected yes or no.");
1955 else cfg_parser->cfg->minimal_responses =
1956 (strcmp($2, "yes")==0);
1960 server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG
1962 OUTYY(("P(server_rrset_roundrobin:%s)\n", $2));
1963 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1964 yyerror("expected yes or no.");
1965 else cfg_parser->cfg->rrset_roundrobin =
1966 (strcmp($2, "yes")==0);
1970 server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG
1972 OUTYY(("P(server_unknown_server_time_limit:%s)\n", $2));
1973 cfg_parser->cfg->unknown_server_time_limit = atoi($2);
1977 server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG
1979 OUTYY(("P(server_max_udp_size:%s)\n", $2));
1980 cfg_parser->cfg->max_udp_size = atoi($2);
1984 server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG
1986 OUTYY(("P(dns64_prefix:%s)\n", $2));
1987 free(cfg_parser->cfg->dns64_prefix);
1988 cfg_parser->cfg->dns64_prefix = $2;
1991 server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
1993 OUTYY(("P(server_dns64_synthall:%s)\n", $2));
1994 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
1995 yyerror("expected yes or no.");
1996 else cfg_parser->cfg->dns64_synthall = (strcmp($2, "yes")==0);
2000 server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
2002 OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
2003 if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
2005 fatal_exit("out of memory adding dns64-ignore-aaaa");
2008 server_define_tag: VAR_DEFINE_TAG STRING_ARG
2011 OUTYY(("P(server_define_tag:%s)\n", $2));
2012 while((p=strsep(&s, " \t\n")) != NULL) {
2014 if(!config_add_tag(cfg_parser->cfg, p))
2015 yyerror("could not define-tag, "
2022 server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG
2025 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2028 OUTYY(("P(server_local_zone_tag:%s)\n", $2));
2030 yyerror("could not parse tags, (define-tag them first)");
2034 if(!cfg_strbytelist_insert(
2035 &cfg_parser->cfg->local_zone_tags,
2036 $2, bitlist, len)) {
2037 yyerror("out of memory");
2043 server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG
2046 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2049 OUTYY(("P(server_access_control_tag:%s)\n", $2));
2051 yyerror("could not parse tags, (define-tag them first)");
2055 if(!cfg_strbytelist_insert(
2056 &cfg_parser->cfg->acl_tags,
2057 $2, bitlist, len)) {
2058 yyerror("out of memory");
2064 server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG
2066 OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4));
2067 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
2069 yyerror("out of memory");
2076 server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG
2078 OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4));
2079 if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
2081 yyerror("out of memory");
2088 server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG
2090 OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4));
2091 if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
2093 yyerror("out of memory");
2100 server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
2102 OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3));
2103 if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
2105 yyerror("out of memory");
2109 server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG
2112 uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3,
2115 OUTYY(("P(response_ip_tag:%s)\n", $2));
2117 yyerror("could not parse tags, (define-tag them first)");
2121 if(!cfg_strbytelist_insert(
2122 &cfg_parser->cfg->respip_tags,
2123 $2, bitlist, len)) {
2124 yyerror("out of memory");
2130 server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
2132 OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
2133 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2134 yyerror("number expected");
2135 else cfg_parser->cfg->ip_ratelimit = atoi($2);
2140 server_ratelimit: VAR_RATELIMIT STRING_ARG
2142 OUTYY(("P(server_ratelimit:%s)\n", $2));
2143 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2144 yyerror("number expected");
2145 else cfg_parser->cfg->ratelimit = atoi($2);
2149 server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
2151 OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
2152 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
2153 yyerror("memory size expected");
2157 server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
2159 OUTYY(("P(server_ratelimit_size:%s)\n", $2));
2160 if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
2161 yyerror("memory size expected");
2165 server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
2167 OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
2169 yyerror("number expected");
2171 cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
2172 if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
2173 yyerror("must be a power of 2");
2178 server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
2180 OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
2182 yyerror("number expected");
2184 cfg_parser->cfg->ratelimit_slabs = atoi($2);
2185 if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
2186 yyerror("must be a power of 2");
2191 server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
2193 OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
2194 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2195 yyerror("number expected");
2199 if(!cfg_str2list_insert(&cfg_parser->cfg->
2200 ratelimit_for_domain, $2, $3))
2201 fatal_exit("out of memory adding "
2202 "ratelimit-for-domain");
2206 server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
2208 OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
2209 if(atoi($3) == 0 && strcmp($3, "0") != 0) {
2210 yyerror("number expected");
2214 if(!cfg_str2list_insert(&cfg_parser->cfg->
2215 ratelimit_below_domain, $2, $3))
2216 fatal_exit("out of memory adding "
2217 "ratelimit-below-domain");
2221 server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
2223 OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
2224 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2225 yyerror("number expected");
2226 else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
2230 server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
2232 OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
2233 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2234 yyerror("number expected");
2235 else cfg_parser->cfg->ratelimit_factor = atoi($2);
2239 server_low_rtt: VAR_LOW_RTT STRING_ARG
2241 OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
2245 server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG
2247 OUTYY(("P(server_fast_server_num:%s)\n", $2));
2249 yyerror("number expected");
2250 else cfg_parser->cfg->fast_server_num = atoi($2);
2254 server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG
2256 OUTYY(("P(server_fast_server_permil:%s)\n", $2));
2257 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2258 yyerror("number expected");
2259 else cfg_parser->cfg->fast_server_permil = atoi($2);
2263 server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG
2265 OUTYY(("P(server_qname_minimisation:%s)\n", $2));
2266 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2267 yyerror("expected yes or no.");
2268 else cfg_parser->cfg->qname_minimisation =
2269 (strcmp($2, "yes")==0);
2273 server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG
2275 OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2));
2276 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2277 yyerror("expected yes or no.");
2278 else cfg_parser->cfg->qname_minimisation_strict =
2279 (strcmp($2, "yes")==0);
2283 server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG
2286 OUTYY(("P(server_ipsecmod_enabled:%s)\n", $2));
2287 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2288 yyerror("expected yes or no.");
2289 else cfg_parser->cfg->ipsecmod_enabled = (strcmp($2, "yes")==0);
2291 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2296 server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG
2299 OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", $2));
2300 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2301 yyerror("expected yes or no.");
2302 else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp($2, "yes")==0);
2304 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2309 server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG
2312 OUTYY(("P(server_ipsecmod_hook:%s)\n", $2));
2313 free(cfg_parser->cfg->ipsecmod_hook);
2314 cfg_parser->cfg->ipsecmod_hook = $2;
2316 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2321 server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG
2324 OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", $2));
2325 if(atoi($2) == 0 && strcmp($2, "0") != 0)
2326 yyerror("number expected");
2327 else cfg_parser->cfg->ipsecmod_max_ttl = atoi($2);
2330 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2335 server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG
2338 OUTYY(("P(server_ipsecmod_whitelist:%s)\n", $2));
2339 if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, $2))
2340 yyerror("out of memory");
2342 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2347 server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
2350 OUTYY(("P(server_ipsecmod_strict:%s)\n", $2));
2351 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2352 yyerror("expected yes or no.");
2353 else cfg_parser->cfg->ipsecmod_strict = (strcmp($2, "yes")==0);
2356 OUTYY(("P(Compiled without IPsec module, ignoring)\n"));
2361 stub_name: VAR_NAME STRING_ARG
2363 OUTYY(("P(name:%s)\n", $2));
2364 if(cfg_parser->cfg->stubs->name)
2365 yyerror("stub name override, there must be one name "
2366 "for one stub-zone");
2367 free(cfg_parser->cfg->stubs->name);
2368 cfg_parser->cfg->stubs->name = $2;
2371 stub_host: VAR_STUB_HOST STRING_ARG
2373 OUTYY(("P(stub-host:%s)\n", $2));
2374 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, $2))
2375 yyerror("out of memory");
2378 stub_addr: VAR_STUB_ADDR STRING_ARG
2380 OUTYY(("P(stub-addr:%s)\n", $2));
2381 if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, $2))
2382 yyerror("out of memory");
2385 stub_first: VAR_STUB_FIRST STRING_ARG
2387 OUTYY(("P(stub-first:%s)\n", $2));
2388 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2389 yyerror("expected yes or no.");
2390 else cfg_parser->cfg->stubs->isfirst=(strcmp($2, "yes")==0);
2394 stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG
2396 OUTYY(("P(stub-no-cache:%s)\n", $2));
2397 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2398 yyerror("expected yes or no.");
2399 else cfg_parser->cfg->stubs->no_cache=(strcmp($2, "yes")==0);
2403 stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG
2405 OUTYY(("P(stub-ssl-upstream:%s)\n", $2));
2406 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2407 yyerror("expected yes or no.");
2408 else cfg_parser->cfg->stubs->ssl_upstream =
2409 (strcmp($2, "yes")==0);
2413 stub_prime: VAR_STUB_PRIME STRING_ARG
2415 OUTYY(("P(stub-prime:%s)\n", $2));
2416 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2417 yyerror("expected yes or no.");
2418 else cfg_parser->cfg->stubs->isprime =
2419 (strcmp($2, "yes")==0);
2423 forward_name: VAR_NAME STRING_ARG
2425 OUTYY(("P(name:%s)\n", $2));
2426 if(cfg_parser->cfg->forwards->name)
2427 yyerror("forward name override, there must be one "
2428 "name for one forward-zone");
2429 free(cfg_parser->cfg->forwards->name);
2430 cfg_parser->cfg->forwards->name = $2;
2433 forward_host: VAR_FORWARD_HOST STRING_ARG
2435 OUTYY(("P(forward-host:%s)\n", $2));
2436 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, $2))
2437 yyerror("out of memory");
2440 forward_addr: VAR_FORWARD_ADDR STRING_ARG
2442 OUTYY(("P(forward-addr:%s)\n", $2));
2443 if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, $2))
2444 yyerror("out of memory");
2447 forward_first: VAR_FORWARD_FIRST STRING_ARG
2449 OUTYY(("P(forward-first:%s)\n", $2));
2450 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2451 yyerror("expected yes or no.");
2452 else cfg_parser->cfg->forwards->isfirst=(strcmp($2, "yes")==0);
2456 forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG
2458 OUTYY(("P(forward-no-cache:%s)\n", $2));
2459 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2460 yyerror("expected yes or no.");
2461 else cfg_parser->cfg->forwards->no_cache=(strcmp($2, "yes")==0);
2465 forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG
2467 OUTYY(("P(forward-ssl-upstream:%s)\n", $2));
2468 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2469 yyerror("expected yes or no.");
2470 else cfg_parser->cfg->forwards->ssl_upstream =
2471 (strcmp($2, "yes")==0);
2475 auth_name: VAR_NAME STRING_ARG
2477 OUTYY(("P(name:%s)\n", $2));
2478 if(cfg_parser->cfg->auths->name)
2479 yyerror("auth name override, there must be one name "
2480 "for one auth-zone");
2481 free(cfg_parser->cfg->auths->name);
2482 cfg_parser->cfg->auths->name = $2;
2485 auth_zonefile: VAR_ZONEFILE STRING_ARG
2487 OUTYY(("P(zonefile:%s)\n", $2));
2488 free(cfg_parser->cfg->auths->zonefile);
2489 cfg_parser->cfg->auths->zonefile = $2;
2492 auth_master: VAR_MASTER STRING_ARG
2494 OUTYY(("P(master:%s)\n", $2));
2495 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2))
2496 yyerror("out of memory");
2499 auth_url: VAR_URL STRING_ARG
2501 OUTYY(("P(url:%s)\n", $2));
2502 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2))
2503 yyerror("out of memory");
2506 auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG
2508 OUTYY(("P(allow-notify:%s)\n", $2));
2509 if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
2511 yyerror("out of memory");
2514 auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG
2516 OUTYY(("P(for-downstream:%s)\n", $2));
2517 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2518 yyerror("expected yes or no.");
2519 else cfg_parser->cfg->auths->for_downstream =
2520 (strcmp($2, "yes")==0);
2524 auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG
2526 OUTYY(("P(for-upstream:%s)\n", $2));
2527 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2528 yyerror("expected yes or no.");
2529 else cfg_parser->cfg->auths->for_upstream =
2530 (strcmp($2, "yes")==0);
2534 auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG
2536 OUTYY(("P(fallback-enabled:%s)\n", $2));
2537 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2538 yyerror("expected yes or no.");
2539 else cfg_parser->cfg->auths->fallback_enabled =
2540 (strcmp($2, "yes")==0);
2544 view_name: VAR_NAME STRING_ARG
2546 OUTYY(("P(name:%s)\n", $2));
2547 if(cfg_parser->cfg->views->name)
2548 yyerror("view name override, there must be one "
2549 "name for one view");
2550 free(cfg_parser->cfg->views->name);
2551 cfg_parser->cfg->views->name = $2;
2554 view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
2556 OUTYY(("P(view_local_zone:%s %s)\n", $2, $3));
2557 if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
2558 strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
2559 strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
2560 && strcmp($3, "typetransparent")!=0
2561 && strcmp($3, "always_transparent")!=0
2562 && strcmp($3, "always_refuse")!=0
2563 && strcmp($3, "always_nxdomain")!=0
2564 && strcmp($3, "noview")!=0
2565 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) {
2566 yyerror("local-zone type: expected static, deny, "
2567 "refuse, redirect, transparent, "
2568 "typetransparent, inform, inform_deny, "
2569 "always_transparent, always_refuse, "
2570 "always_nxdomain, noview or nodefault");
2573 } else if(strcmp($3, "nodefault")==0) {
2574 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2575 local_zones_nodefault, $2))
2576 fatal_exit("out of memory adding local-zone");
2579 } else if(strcmp($3, "ipset")==0) {
2580 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2581 local_zones_ipset, $2))
2582 fatal_exit("out of memory adding local-zone");
2586 if(!cfg_str2list_insert(
2587 &cfg_parser->cfg->views->local_zones,
2589 fatal_exit("out of memory adding local-zone");
2593 view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2595 OUTYY(("P(view_response_ip:%s %s)\n", $2, $3));
2596 validate_respip_action($3);
2597 if(!cfg_str2list_insert(
2598 &cfg_parser->cfg->views->respip_actions, $2, $3))
2599 fatal_exit("out of memory adding per-view "
2600 "response-ip action");
2603 view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2605 OUTYY(("P(view_response_ip_data:%s)\n", $2));
2606 if(!cfg_str2list_insert(
2607 &cfg_parser->cfg->views->respip_data, $2, $3))
2608 fatal_exit("out of memory adding response-ip-data");
2611 view_local_data: VAR_LOCAL_DATA STRING_ARG
2613 OUTYY(("P(view_local_data:%s)\n", $2));
2614 if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) {
2615 fatal_exit("out of memory adding local-data");
2619 view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG
2622 OUTYY(("P(view_local_data_ptr:%s)\n", $2));
2623 ptr = cfg_ptr_reverse($2);
2626 if(!cfg_strlist_insert(&cfg_parser->cfg->views->
2628 fatal_exit("out of memory adding local-data");
2630 yyerror("local-data-ptr could not be reversed");
2634 view_first: VAR_VIEW_FIRST STRING_ARG
2636 OUTYY(("P(view-first:%s)\n", $2));
2637 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2638 yyerror("expected yes or no.");
2639 else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0);
2643 rcstart: VAR_REMOTE_CONTROL
2645 OUTYY(("\nP(remote-control:)\n"));
2648 contents_rc: contents_rc content_rc
2650 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
2651 rc_server_key_file | rc_server_cert_file | rc_control_key_file |
2652 rc_control_cert_file | rc_control_use_cert
2654 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
2656 OUTYY(("P(control_enable:%s)\n", $2));
2657 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2658 yyerror("expected yes or no.");
2659 else cfg_parser->cfg->remote_control_enable =
2660 (strcmp($2, "yes")==0);
2664 rc_control_port: VAR_CONTROL_PORT STRING_ARG
2666 OUTYY(("P(control_port:%s)\n", $2));
2668 yyerror("control port number expected");
2669 else cfg_parser->cfg->control_port = atoi($2);
2673 rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
2675 OUTYY(("P(control_interface:%s)\n", $2));
2676 if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
2677 yyerror("out of memory");
2680 rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
2682 OUTYY(("P(control_use_cert:%s)\n", $2));
2683 cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
2687 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
2689 OUTYY(("P(rc_server_key_file:%s)\n", $2));
2690 free(cfg_parser->cfg->server_key_file);
2691 cfg_parser->cfg->server_key_file = $2;
2694 rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG
2696 OUTYY(("P(rc_server_cert_file:%s)\n", $2));
2697 free(cfg_parser->cfg->server_cert_file);
2698 cfg_parser->cfg->server_cert_file = $2;
2701 rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG
2703 OUTYY(("P(rc_control_key_file:%s)\n", $2));
2704 free(cfg_parser->cfg->control_key_file);
2705 cfg_parser->cfg->control_key_file = $2;
2708 rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG
2710 OUTYY(("P(rc_control_cert_file:%s)\n", $2));
2711 free(cfg_parser->cfg->control_cert_file);
2712 cfg_parser->cfg->control_cert_file = $2;
2717 OUTYY(("\nP(dnstap:)\n"));
2720 contents_dt: contents_dt content_dt
2722 content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
2723 dt_dnstap_send_identity | dt_dnstap_send_version |
2724 dt_dnstap_identity | dt_dnstap_version |
2725 dt_dnstap_log_resolver_query_messages |
2726 dt_dnstap_log_resolver_response_messages |
2727 dt_dnstap_log_client_query_messages |
2728 dt_dnstap_log_client_response_messages |
2729 dt_dnstap_log_forwarder_query_messages |
2730 dt_dnstap_log_forwarder_response_messages
2732 dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
2734 OUTYY(("P(dt_dnstap_enable:%s)\n", $2));
2735 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2736 yyerror("expected yes or no.");
2737 else cfg_parser->cfg->dnstap = (strcmp($2, "yes")==0);
2741 dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
2743 OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
2744 free(cfg_parser->cfg->dnstap_socket_path);
2745 cfg_parser->cfg->dnstap_socket_path = $2;
2748 dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG
2750 OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2));
2751 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2752 yyerror("expected yes or no.");
2753 else cfg_parser->cfg->dnstap_send_identity = (strcmp($2, "yes")==0);
2757 dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG
2759 OUTYY(("P(dt_dnstap_send_version:%s)\n", $2));
2760 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2761 yyerror("expected yes or no.");
2762 else cfg_parser->cfg->dnstap_send_version = (strcmp($2, "yes")==0);
2766 dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG
2768 OUTYY(("P(dt_dnstap_identity:%s)\n", $2));
2769 free(cfg_parser->cfg->dnstap_identity);
2770 cfg_parser->cfg->dnstap_identity = $2;
2773 dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG
2775 OUTYY(("P(dt_dnstap_version:%s)\n", $2));
2776 free(cfg_parser->cfg->dnstap_version);
2777 cfg_parser->cfg->dnstap_version = $2;
2780 dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG
2782 OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", $2));
2783 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2784 yyerror("expected yes or no.");
2785 else cfg_parser->cfg->dnstap_log_resolver_query_messages =
2786 (strcmp($2, "yes")==0);
2790 dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG
2792 OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", $2));
2793 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2794 yyerror("expected yes or no.");
2795 else cfg_parser->cfg->dnstap_log_resolver_response_messages =
2796 (strcmp($2, "yes")==0);
2800 dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG
2802 OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", $2));
2803 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2804 yyerror("expected yes or no.");
2805 else cfg_parser->cfg->dnstap_log_client_query_messages =
2806 (strcmp($2, "yes")==0);
2810 dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG
2812 OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", $2));
2813 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2814 yyerror("expected yes or no.");
2815 else cfg_parser->cfg->dnstap_log_client_response_messages =
2816 (strcmp($2, "yes")==0);
2820 dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG
2822 OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", $2));
2823 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2824 yyerror("expected yes or no.");
2825 else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
2826 (strcmp($2, "yes")==0);
2830 dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG
2832 OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", $2));
2833 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2834 yyerror("expected yes or no.");
2835 else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
2836 (strcmp($2, "yes")==0);
2840 pythonstart: VAR_PYTHON
2842 OUTYY(("\nP(python:)\n"));
2845 contents_py: contents_py content_py
2847 content_py: py_script
2849 py_script: VAR_PYTHON_SCRIPT STRING_ARG
2851 OUTYY(("P(python-script:%s)\n", $2));
2852 if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2))
2853 yyerror("out of memory");
2855 server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
2857 OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
2858 if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2859 yyerror("expected yes or no.");
2860 else cfg_parser->cfg->disable_dnssec_lame_check =
2861 (strcmp($2, "yes")==0);
2865 server_log_identity: VAR_LOG_IDENTITY STRING_ARG
2867 OUTYY(("P(server_log_identity:%s)\n", $2));
2868 free(cfg_parser->cfg->log_identity);
2869 cfg_parser->cfg->log_identity = $2;
2872 server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG
2874 OUTYY(("P(server_response_ip:%s %s)\n", $2, $3));
2875 validate_respip_action($3);
2876 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions,
2878 fatal_exit("out of memory adding response-ip");
2881 server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG
2883 OUTYY(("P(server_response_ip_data:%s)\n", $2));
2884 if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
2886 fatal_exit("out of memory adding response-ip-data");
2889 dnscstart: VAR_DNSCRYPT
2891 OUTYY(("\nP(dnscrypt:)\n"));
2894 contents_dnsc: contents_dnsc content_dnsc
2897 dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider |
2898 dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert |
2899 dnsc_dnscrypt_provider_cert_rotated |
2900 dnsc_dnscrypt_shared_secret_cache_size |
2901 dnsc_dnscrypt_shared_secret_cache_slabs |
2902 dnsc_dnscrypt_nonce_cache_size |
2903 dnsc_dnscrypt_nonce_cache_slabs
2905 dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG
2907 OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2));
2908 if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
2909 yyerror("expected yes or no.");
2910 else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0);
2915 dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG
2917 OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2));
2919 yyerror("port number expected");
2920 else cfg_parser->cfg->dnscrypt_port = atoi($2);
2924 dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG
2926 OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2));
2927 free(cfg_parser->cfg->dnscrypt_provider);
2928 cfg_parser->cfg->dnscrypt_provider = $2;
2931 dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG
2933 OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2));
2934 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2))
2935 log_warn("dnscrypt-provider-cert %s is a duplicate", $2);
2936 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2))
2937 fatal_exit("out of memory adding dnscrypt-provider-cert");
2940 dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG
2942 OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2));
2943 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2))
2944 fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
2947 dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG
2949 OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2));
2950 if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2))
2951 log_warn("dnscrypt-secret-key: %s is a duplicate", $2);
2952 if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2))
2953 fatal_exit("out of memory adding dnscrypt-secret-key");
2956 dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG
2958 OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", $2));
2959 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
2960 yyerror("memory size expected");
2964 dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG
2966 OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", $2));
2968 yyerror("number expected");
2970 cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi($2);
2971 if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs))
2972 yyerror("must be a power of 2");
2977 dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG
2979 OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", $2));
2980 if(!cfg_parse_memsize($2, &cfg_parser->cfg->dnscrypt_nonce_cache_size))
2981 yyerror("memory size expected");
2985 dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG
2987 OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", $2));
2989 yyerror("number expected");
2991 cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi($2);
2992 if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs))
2993 yyerror("must be a power of 2");
2998 cachedbstart: VAR_CACHEDB
3000 OUTYY(("\nP(cachedb:)\n"));
3003 contents_cachedb: contents_cachedb content_cachedb
3005 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
3006 redis_server_host | redis_server_port | redis_timeout
3008 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
3011 OUTYY(("P(backend:%s)\n", $2));
3012 free(cfg_parser->cfg->cachedb_backend);
3013 cfg_parser->cfg->cachedb_backend = $2;
3015 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3020 cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
3023 OUTYY(("P(secret-seed:%s)\n", $2));
3024 free(cfg_parser->cfg->cachedb_secret);
3025 cfg_parser->cfg->cachedb_secret = $2;
3027 OUTYY(("P(Compiled without cachedb, ignoring)\n"));
3032 redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG
3034 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3035 OUTYY(("P(redis_server_host:%s)\n", $2));
3036 free(cfg_parser->cfg->redis_server_host);
3037 cfg_parser->cfg->redis_server_host = $2;
3039 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3044 redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG
3046 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3048 OUTYY(("P(redis_server_port:%s)\n", $2));
3050 if(port == 0 || port < 0 || port > 65535)
3051 yyerror("valid redis server port number expected");
3052 else cfg_parser->cfg->redis_server_port = port;
3054 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3059 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
3061 #if defined(USE_CACHEDB) && defined(USE_REDIS)
3062 OUTYY(("P(redis_timeout:%s)\n", $2));
3064 yyerror("redis timeout value expected");
3065 else cfg_parser->cfg->redis_timeout = atoi($2);
3067 OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
3072 server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
3074 OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3));
3076 yyerror("positive number expected");
3078 if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, $2, $3))
3079 fatal_exit("out of memory adding tcp connection limit");
3083 ipsetstart: VAR_IPSET
3085 OUTYY(("\nP(ipset:)\n"));
3088 contents_ipset: contents_ipset content_ipset
3090 content_ipset: ipset_name_v4 | ipset_name_v6
3092 ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG
3095 OUTYY(("P(name-v4:%s)\n", $2));
3096 if(cfg_parser->cfg->ipset_name_v4)
3097 yyerror("ipset name v4 override, there must be one "
3099 free(cfg_parser->cfg->ipset_name_v4);
3100 cfg_parser->cfg->ipset_name_v4 = $2;
3102 OUTYY(("P(Compiled without ipset, ignoring)\n"));
3107 ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG
3110 OUTYY(("P(name-v6:%s)\n", $2));
3111 if(cfg_parser->cfg->ipset_name_v6)
3112 yyerror("ipset name v6 override, there must be one "
3114 free(cfg_parser->cfg->ipset_name_v6);
3115 cfg_parser->cfg->ipset_name_v6 = $2;
3117 OUTYY(("P(Compiled without ipset, ignoring)\n"));
3124 /* parse helper routines could be here */
3126 validate_respip_action(const char* action)
3128 if(strcmp(action, "deny")!=0 &&
3129 strcmp(action, "redirect")!=0 &&
3130 strcmp(action, "inform")!=0 &&
3131 strcmp(action, "inform_deny")!=0 &&
3132 strcmp(action, "always_transparent")!=0 &&
3133 strcmp(action, "always_refuse")!=0 &&
3134 strcmp(action, "always_nxdomain")!=0)
3136 yyerror("response-ip action: expected deny, redirect, "
3137 "inform, inform_deny, always_transparent, "
3138 "always_refuse or always_nxdomain");