diff options
Diffstat (limited to '')
-rw-r--r-- | external/unbound/util/config_file.h | 264 |
1 files changed, 262 insertions, 2 deletions
diff --git a/external/unbound/util/config_file.h b/external/unbound/util/config_file.h index 8fa163ed7..79b094894 100644 --- a/external/unbound/util/config_file.h +++ b/external/unbound/util/config_file.h @@ -42,11 +42,15 @@ #ifndef UTIL_CONFIG_FILE_H #define UTIL_CONFIG_FILE_H struct config_stub; +struct config_view; struct config_strlist; struct config_str2list; +struct config_str3list; +struct config_strbytelist; struct module_qstate; struct sock_list; struct ub_packed_rrset_key; +struct regional; /** * The configuration options. @@ -72,12 +76,18 @@ struct config_file { int do_ip4; /** do ip6 query support. */ int do_ip6; + /** prefer ip6 upstream queries. */ + int prefer_ip6; /** do udp query support. */ int do_udp; /** do tcp query support. */ int do_tcp; /** tcp upstream queries (no UDP upstream queries) */ int tcp_upstream; + /** maximum segment size of tcp socket which queries are answered */ + int tcp_mss; + /** maximum segment size of tcp socket for outgoing queries */ + int outgoing_tcp_mss; /** private key file for dnstcp-ssl service (enabled if not NULL) */ char* ssl_service_key; @@ -138,6 +148,8 @@ struct config_file { int so_reuseport; /** IP_TRANSPARENT socket option requested on port 53 sockets */ int ip_transparent; + /** IP_FREEBIND socket option request on port 53 sockets */ + int ip_freebind; /** number of interfaces to open. If 0 default all interfaces. */ int num_ifs; @@ -156,8 +168,22 @@ struct config_file { struct config_stub* stubs; /** the forward zone definitions, linked list */ struct config_stub* forwards; + /** the views definitions, linked list */ + struct config_view* views; /** list of donotquery addresses, linked list */ struct config_strlist* donotqueryaddrs; +#ifdef CLIENT_SUBNET + /** list of servers we send edns-client-subnet option to and + * accept option from, linked list */ + struct config_strlist* client_subnet; + /** opcode assigned by IANA for edns0-client-subnet option */ + uint16_t client_subnet_opcode; + /** Do not check whitelist if incoming query contains an ECS record */ + int client_subnet_always_forward; + /** Subnet length we are willing to give up privacy for */ + uint8_t max_client_subnet_ipv4; + uint8_t max_client_subnet_ipv6; +#endif /** list of access control entries, linked list */ struct config_str2list* acls; /** use default localhost donotqueryaddr entries */ @@ -215,11 +241,17 @@ struct config_file { int log_time_ascii; /** log queries with one line per query */ int log_queries; + /** log replies with one line per reply */ + int log_replies; + /** log identity to report */ + char* log_identity; /** do not report identity (id.server, hostname.bind) */ int hide_identity; /** do not report version (version.server, version.bind) */ int hide_version; + /** do not report trustanchor (trustanchor.unbound) */ + int hide_trustanchor; /** identity, hostname is returned if "". */ char* identity; /** version, package version returned if "". */ @@ -261,6 +293,8 @@ struct config_file { int val_permissive_mode; /** ignore the CD flag in incoming queries and refuse them bogus data */ int ignore_cd; + /** serve expired entries and prefetch them */ + int serve_expired; /** nsec3 maximum iterations per key size, string */ char* val_nsec3_key_iterations; /** autotrust add holddown time, in seconds */ @@ -285,8 +319,32 @@ struct config_file { struct config_strlist* local_zones_nodefault; /** local data RRs configured */ struct config_strlist* local_data; - /** unblock lan zones (reverse lookups for 10/8 and so on) */ + /** local zone override types per netblock */ + struct config_str3list* local_zone_overrides; + /** unblock lan zones (reverse lookups for AS112 zones) */ int unblock_lan_zones; + /** insecure lan zones (don't validate AS112 zones) */ + int insecure_lan_zones; + /** list of zonename, tagbitlist */ + struct config_strbytelist* local_zone_tags; + /** list of aclname, tagbitlist */ + struct config_strbytelist* acl_tags; + /** list of aclname, tagname, localzonetype */ + struct config_str3list* acl_tag_actions; + /** list of aclname, tagname, redirectdata */ + struct config_str3list* acl_tag_datas; + /** list of aclname, view*/ + struct config_str2list* acl_view; + /** list of IP-netblock, tagbitlist */ + struct config_strbytelist* respip_tags; + /** list of response-driven access control entries, linked list */ + struct config_str2list* respip_actions; + /** RRs configured for response-driven access controls */ + struct config_str2list* respip_data; + /** tag list, array with tagname[i] is malloced string */ + char** tagname; + /** number of items in the taglist */ + int num_tags; /** remote control section. enable toggle. */ int remote_control_enable; @@ -308,6 +366,9 @@ struct config_file { /** Python script file */ char* python_script; + /** Use systemd socket activation. */ + int use_systemd; + /** daemonize, i.e. fork into the background. */ int do_daemonize; @@ -352,7 +413,19 @@ struct config_file { /** true to log dnstap FORWARDER_RESPONSE message events */ int dnstap_log_forwarder_response_messages; - /** ratelimit 0 is off, otherwise qps (unless overridden) */ + /** true to disable DNSSEC lameness check in iterator */ + int disable_dnssec_lame_check; + + /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ + int ip_ratelimit; + /** number of slabs for ip_ratelimit cache */ + size_t ip_ratelimit_slabs; + /** memory size in bytes for ip_ratelimit cache */ + size_t ip_ratelimit_size; + /** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ + int ip_ratelimit_factor; + + /** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */ int ratelimit; /** number of slabs for ratelimit cache */ size_t ratelimit_slabs; @@ -366,6 +439,25 @@ struct config_file { int ratelimit_factor; /** minimise outgoing QNAME and hide original QTYPE if possible */ int qname_minimisation; + /** minimise QNAME in strict mode, minimise according to RFC. + * Do not apply fallback */ + int qname_minimisation_strict; + /** SHM data - true if shm is enabled */ + int shm_enable; + /** SHM data - key for the shm */ + int shm_key; + + /** DNSCrypt */ + /** true to enable dnscrypt */ + int dnscrypt; + /** port on which to provide dnscrypt service */ + int dnscrypt_port; + /** provider name 2.dnscrypt-cert.example.com */ + char* dnscrypt_provider; + /** dnscrypt secret keys 1.key */ + struct config_strlist* dnscrypt_secret_key; + /** dnscrypt provider certs 1.cert */ + struct config_strlist* dnscrypt_provider_cert; }; /** from cfg username, after daemonise setup performed */ @@ -391,6 +483,31 @@ struct config_stub { int isprime; /** if forward-first is set (failover to without if fails) */ int isfirst; + /** use SSL for queries to this stub */ + int ssl_upstream; +}; + +/** + * View config options + */ +struct config_view { + /** next in list */ + struct config_view* next; + /** view name */ + char* name; + /** local zones */ + struct config_str2list* local_zones; + /** local data RRs */ + struct config_strlist* local_data; + /** local zones nodefault list */ + struct config_strlist* local_zones_nodefault; + /** Fallback to global local_zones when there is no match in the view + * view specific tree. 1 for yes, 0 for no */ + int isfirst; + /** predefined actions for particular IP address responses */ + struct config_str2list* respip_actions; + /** data complementing the 'redirect' response IP actions */ + struct config_str2list* respip_data; }; /** @@ -415,6 +532,34 @@ struct config_str2list { char* str2; }; +/** + * List of three strings for config options + */ +struct config_str3list { + /** next item in list */ + struct config_str3list* next; + /** first string */ + char* str; + /** second string */ + char* str2; + /** third string */ + char* str3; +}; + + +/** + * List of string, bytestring for config options + */ +struct config_strbytelist { + /** next item in list */ + struct config_strbytelist* next; + /** first string */ + char* str; + /** second bytestring */ + uint8_t* str2; + size_t str2len; +}; + /** List head for strlist processing, used for append operation. */ struct config_strlist_head { /** first in list of text items */ @@ -544,6 +689,10 @@ int cfg_strlist_append(struct config_strlist_head* list, char* item); */ int cfg_strlist_insert(struct config_strlist** head, char* item); +/** insert with region for allocation. */ +int cfg_region_strlist_insert(struct regional* region, + struct config_strlist** head, char* item); + /** * Insert string into str2list. * @param head: pointer to str2list head variable. @@ -554,6 +703,39 @@ int cfg_strlist_insert(struct config_strlist** head, char* item); int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2); /** + * Insert string into str3list. + * @param head: pointer to str3list head variable. + * @param item: new item. malloced by caller. If NULL the insertion fails. + * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. + * @param i3: 3rd string, malloced by caller. If NULL the insertion fails. + * @return: true on success. + */ +int cfg_str3list_insert(struct config_str3list** head, char* item, char* i2, + char* i3); + +/** + * Insert string into strbytelist. + * @param head: pointer to strbytelist head variable. + * @param item: new item. malloced by caller. If NULL the insertion fails. + * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. + * @param i2len: length of the i2 bytestring. + * @return: true on success. + */ +int cfg_strbytelist_insert(struct config_strbytelist** head, char* item, + uint8_t* i2, size_t i2len); + +/** + * Find stub in config list, also returns prevptr (for deletion). + * @param pp: call routine with pointer to a pointer to the start of the list, + * if the stub is found, on exit, the value contains a pointer to the + * next pointer that points to the found element (or to the list start + * pointer if it is the first element). + * @param nm: name of stub to find. + * @return: pointer to config_stub if found, or NULL if not found. + */ +struct config_stub* cfg_stub_find(struct config_stub*** pp, const char* nm); + +/** * Delete items in config string list. * @param list: list. */ @@ -566,12 +748,39 @@ void config_delstrlist(struct config_strlist* list); void config_deldblstrlist(struct config_str2list* list); /** + * Delete items in config triple string list. + * @param list: list. + */ +void config_deltrplstrlist(struct config_str3list* list); + +/** delete stringbytelist */ +void config_del_strbytelist(struct config_strbytelist* list); + +/** + * Delete a stub item + * @param p: stub item + */ +void config_delstub(struct config_stub* p); + +/** * Delete items in config stub list. * @param list: list. */ void config_delstubs(struct config_stub* list); /** + * Delete a view item + * @param p: view item + */ +void config_delview(struct config_view* p); + +/** + * Delete items in config view list. + * @param list: list. + */ +void config_delviews(struct config_view* list); + +/** * Convert 14digit to time value * @param str: string of 14 digits * @return time value or 0 for error. @@ -602,6 +811,54 @@ int cfg_count_numbers(const char* str); int cfg_parse_memsize(const char* str, size_t* res); /** + * Add a tag name to the config. It is added at the end with a new ID value. + * @param cfg: the config structure. + * @param tag: string (which is copied) with the name. + * @return: false on alloc failure. + */ +int config_add_tag(struct config_file* cfg, const char* tag); + +/** + * Find tag ID in the tag list. + * @param cfg: the config structure. + * @param tag: string with tag name to search for. + * @return: 0..(num_tags-1) with tag ID, or -1 if tagname is not found. + */ +int find_tag_id(struct config_file* cfg, const char* tag); + +/** + * parse taglist from string into bytestring with bitlist. + * @param cfg: the config structure (with tagnames) + * @param str: the string to parse. Parse puts 0 bytes in string. + * @param listlen: returns length of in bytes. + * @return malloced bytes with a bitlist of the tags. or NULL on parse error + * or malloc failure. + */ +uint8_t* config_parse_taglist(struct config_file* cfg, char* str, + size_t* listlen); + +/** + * convert tag bitlist to a malloced string with tag names. For debug output. + * @param cfg: the config structure (with tagnames) + * @param taglist: the tag bitlist. + * @param len: length of the tag bitlist. + * @return malloced string or NULL. + */ +char* config_taglist2str(struct config_file* cfg, uint8_t* taglist, + size_t len); + +/** + * see if two taglists intersect (have tags in common). + * @param list1: first tag bitlist. + * @param list1len: length in bytes of first list. + * @param list2: second tag bitlist. + * @param list2len: length in bytes of second list. + * @return true if there are tags in common, 0 if not. + */ +int taglist_intersect(uint8_t* list1, size_t list1len, uint8_t* list2, + size_t list2len); + +/** * Parse local-zone directive into two strings and register it in the config. * @param cfg: to put it in. * @param val: argument strings to local-zone, "example.com nodefault". @@ -746,4 +1003,7 @@ char* w_lookup_reg_str(const char* key, const char* name); void w_config_adjust_directory(struct config_file* cfg); #endif /* UB_ON_WINDOWS */ +/** debug option for unit tests. */ +extern int fake_dsa, fake_sha1; + #endif /* UTIL_CONFIG_FILE_H */ |