1 files changed, 91 insertions, 3 deletions

diff --git a/external/unbound/util/configparser.y b/external/unbound/util/configparser.y
index fb94be9d4..ad7f3d292 100644
--- a/external/unbound/util/configparser.y
+++ b/external/unbound/util/configparser.y
@@ -119,6 +119,9 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
 %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
 %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
+%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
+%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR
+%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -179,7 +182,10 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_so_reuseport | server_delay_close | server_unblock_lan_zones |
 	server_dns64_prefix | server_dns64_synthall |
 	server_infra_cache_min_rtt | server_harden_algo_downgrade |
-	server_ip_transparent
+	server_ip_transparent | server_ratelimit | server_ratelimit_slabs |
+	server_ratelimit_size | server_ratelimit_for_domain |
+	server_ratelimit_below_domain | server_ratelimit_factor |
+	server_caps_whitelist | server_cache_max_negative_ttl
 	;
 stubstart: VAR_STUB_ZONE
 	{
@@ -878,6 +884,13 @@ server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
 		free($2);
 	}
 	;
+server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
+	{
+		OUTYY(("P(server_caps_whitelist:%s)\n", $2));
+		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
+			yyerror("out of memory");
+	}
+	;
 server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
 	{
 		OUTYY(("P(server_private_address:%s)\n", $2));
@@ -1013,6 +1026,15 @@ server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
 		free($2);
 	}
 	;
+server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
+	{
+		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
+		if(atoi($2) == 0 && strcmp($2, "0") != 0)
+			yyerror("number expected");
+		else cfg_parser->cfg->max_negative_ttl = atoi($2);
+		free($2);
+	}
+	;
 server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
 	{
 		OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
@@ -1139,10 +1161,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
 		   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
 		   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
 		   && strcmp($3, "typetransparent")!=0 &&
-		   strcmp($3, "inform")!=0)
+		   strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
 			yyerror("local-zone type: expected static, deny, "
 				"refuse, redirect, transparent, "
-				"typetransparent, inform or nodefault");
+				"typetransparent, inform, inform_deny "
+				"or nodefault");
 		else if(strcmp($3, "nodefault")==0) {
 			if(!cfg_strlist_insert(&cfg_parser->cfg->
 				local_zones_nodefault, $2))
@@ -1220,6 +1243,71 @@ server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
 		free($2);
 	}
 	;
+server_ratelimit: VAR_RATELIMIT STRING_ARG 
+	{ 
+		OUTYY(("P(server_ratelimit:%s)\n", $2)); 
+		if(atoi($2) == 0 && strcmp($2, "0") != 0)
+			yyerror("number expected");
+		else cfg_parser->cfg->ratelimit = atoi($2);
+		free($2);
+	}
+	;
+server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
+	{
+		OUTYY(("P(server_ratelimit_size:%s)\n", $2));
+		if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
+			yyerror("memory size expected");
+		free($2);
+	}
+	;
+server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
+	{
+		OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
+		if(atoi($2) == 0)
+			yyerror("number expected");
+		else {
+			cfg_parser->cfg->ratelimit_slabs = atoi($2);
+			if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
+				yyerror("must be a power of 2");
+		}
+		free($2);
+	}
+	;
+server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
+	{
+		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
+		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
+			yyerror("number expected");
+		} else {
+			if(!cfg_str2list_insert(&cfg_parser->cfg->
+				ratelimit_for_domain, $2, $3))
+				fatal_exit("out of memory adding "
+					"ratelimit-for-domain");
+		}
+	}
+	;
+server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
+	{
+		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
+		if(atoi($3) == 0 && strcmp($3, "0") != 0) {
+			yyerror("number expected");
+		} else {
+			if(!cfg_str2list_insert(&cfg_parser->cfg->
+				ratelimit_below_domain, $2, $3))
+				fatal_exit("out of memory adding "
+					"ratelimit-below-domain");
+		}
+	}
+	;
+server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG 
+	{ 
+		OUTYY(("P(server_ratelimit_factor:%s)\n", $2)); 
+		if(atoi($2) == 0 && strcmp($2, "0") != 0)
+			yyerror("number expected");
+		else cfg_parser->cfg->ratelimit_factor = atoi($2);
+		free($2);
+	}
+	;
 stub_name: VAR_NAME STRING_ARG
 	{
 		OUTYY(("P(name:%s)\n", $2));