config_file.h (307729) | config_file.h (356345) |
---|---|
1/* 2 * util/config_file.h - reads and stores the config file for unbound. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 28 unchanged lines hidden (view full) --- 37 * \file 38 * 39 * This file contains functions for the config file. 40 */ 41 42#ifndef UTIL_CONFIG_FILE_H 43#define UTIL_CONFIG_FILE_H 44struct config_stub; | 1/* 2 * util/config_file.h - reads and stores the config file for unbound. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 28 unchanged lines hidden (view full) --- 37 * \file 38 * 39 * This file contains functions for the config file. 40 */ 41 42#ifndef UTIL_CONFIG_FILE_H 43#define UTIL_CONFIG_FILE_H 44struct config_stub; |
45struct config_auth; 46struct config_view; |
|
45struct config_strlist; 46struct config_str2list; 47struct config_str3list; 48struct config_strbytelist; 49struct module_qstate; 50struct sock_list; 51struct ub_packed_rrset_key; 52struct regional; 53 | 47struct config_strlist; 48struct config_str2list; 49struct config_str3list; 50struct config_strbytelist; 51struct module_qstate; 52struct sock_list; 53struct ub_packed_rrset_key; 54struct regional; 55 |
56/** List head for strlist processing, used for append operation. */ 57struct config_strlist_head { 58 /** first in list of text items */ 59 struct config_strlist* first; 60 /** last in list of text items */ 61 struct config_strlist* last; 62}; 63 |
|
54/** 55 * The configuration options. 56 * Strings are malloced. 57 */ 58struct config_file { 59 /** verbosity level as specified in the config file */ 60 int verbosity; 61 --- 16 unchanged lines hidden (view full) --- 78 /** prefer ip6 upstream queries. */ 79 int prefer_ip6; 80 /** do udp query support. */ 81 int do_udp; 82 /** do tcp query support. */ 83 int do_tcp; 84 /** tcp upstream queries (no UDP upstream queries) */ 85 int tcp_upstream; | 64/** 65 * The configuration options. 66 * Strings are malloced. 67 */ 68struct config_file { 69 /** verbosity level as specified in the config file */ 70 int verbosity; 71 --- 16 unchanged lines hidden (view full) --- 88 /** prefer ip6 upstream queries. */ 89 int prefer_ip6; 90 /** do udp query support. */ 91 int do_udp; 92 /** do tcp query support. */ 93 int do_tcp; 94 /** tcp upstream queries (no UDP upstream queries) */ 95 int tcp_upstream; |
96 /** udp upstream enabled when no UDP downstream is enabled (do_udp no)*/ 97 int udp_upstream_without_downstream; |
|
86 /** maximum segment size of tcp socket which queries are answered */ 87 int tcp_mss; 88 /** maximum segment size of tcp socket for outgoing queries */ 89 int outgoing_tcp_mss; | 98 /** maximum segment size of tcp socket which queries are answered */ 99 int tcp_mss; 100 /** maximum segment size of tcp socket for outgoing queries */ 101 int outgoing_tcp_mss; |
102 /** tcp idle timeout, in msec */ 103 int tcp_idle_timeout; 104 /** do edns tcp keepalive */ 105 int do_tcp_keepalive; 106 /** tcp keepalive timeout, in msec */ 107 int tcp_keepalive_timeout; |
|
90 91 /** private key file for dnstcp-ssl service (enabled if not NULL) */ 92 char* ssl_service_key; 93 /** public key file for dnstcp-ssl service */ 94 char* ssl_service_pem; 95 /** port on which to provide ssl service */ 96 int ssl_port; 97 /** if outgoing tcp connections use SSL */ 98 int ssl_upstream; | 108 109 /** private key file for dnstcp-ssl service (enabled if not NULL) */ 110 char* ssl_service_key; 111 /** public key file for dnstcp-ssl service */ 112 char* ssl_service_pem; 113 /** port on which to provide ssl service */ 114 int ssl_port; 115 /** if outgoing tcp connections use SSL */ 116 int ssl_upstream; |
117 /** cert bundle for outgoing connections */ 118 char* tls_cert_bundle; 119 /** should the system certificate store get added to the cert bundle */ 120 int tls_win_cert; 121 /** additional tls ports */ 122 struct config_strlist* tls_additional_port; 123 /** secret key used to encrypt and decrypt TLS session ticket */ 124 struct config_strlist_head tls_session_ticket_keys; 125 /** TLS ciphers */ 126 char* tls_ciphers; 127 /** TLS chiphersuites (TLSv1.3) */ 128 char* tls_ciphersuites; |
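Review bot: The comment on `tls_session_ticket_keys` reads as if the list holds the ticket secret itself, but it does not say whether each string is key material or the name of a key file. State which one it is, for example `/** files holding the secret keys used to encrypt and decrypt TLS session tickets */` if they are file names (this header alone does not confirm that). If the strings are the keys themselves, the code that frees the list should clear them before release. The `tls_ciphersuites` comment also has a typo and should read `/** TLS ciphersuites (TLSv1.3) */`.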
|
99 100 /** outgoing port range number of ports (per thread) */ 101 int outgoing_num_ports; 102 /** number of outgoing tcp buffers per (per thread) */ 103 size_t outgoing_num_tcp; 104 /** number of incoming tcp buffers per (per thread) */ 105 size_t incoming_num_tcp; 106 /** allowed udp port numbers, array with 0 if not allowed */ 107 int* outgoing_avail_ports; 108 109 /** EDNS buffer size to use */ 110 size_t edns_buffer_size; | 129 130 /** outgoing port range number of ports (per thread) */ 131 int outgoing_num_ports; 132 /** number of outgoing tcp buffers per (per thread) */ 133 size_t outgoing_num_tcp; 134 /** number of incoming tcp buffers per (per thread) */ 135 size_t incoming_num_tcp; 136 /** allowed udp port numbers, array with 0 if not allowed */ 137 int* outgoing_avail_ports; 138 139 /** EDNS buffer size to use */ 140 size_t edns_buffer_size; |
141 /** size of the stream wait buffers, max */ 142 size_t stream_wait_size; |
|
111 /** number of bytes buffer size for DNS messages */ 112 size_t msg_buffer_size; 113 /** size of the message cache */ 114 size_t msg_cache_size; 115 /** slabs in the message cache. */ 116 size_t msg_cache_slabs; 117 /** number of queries every thread can service */ 118 size_t num_queries_per_thread; --- 11 unchanged lines hidden (view full) --- 130 size_t infra_cache_numhosts; 131 /** min value for infra cache rtt */ 132 int infra_cache_min_rtt; 133 /** delay close of udp-timeouted ports, if 0 no delayclose. in msec */ 134 int delay_close; 135 136 /** the target fetch policy for the iterator */ 137 char* target_fetch_policy; | 143 /** number of bytes buffer size for DNS messages */ 144 size_t msg_buffer_size; 145 /** size of the message cache */ 146 size_t msg_cache_size; 147 /** slabs in the message cache. */ 148 size_t msg_cache_slabs; 149 /** number of queries every thread can service */ 150 size_t num_queries_per_thread; --- 11 unchanged lines hidden (view full) --- 162 size_t infra_cache_numhosts; 163 /** min value for infra cache rtt */ 164 int infra_cache_min_rtt; 165 /** delay close of udp-timeouted ports, if 0 no delayclose. in msec */ 166 int delay_close; 167 168 /** the target fetch policy for the iterator */ 169 char* target_fetch_policy; |
170 /** percent*10, how many times in 1000 to pick from the fastest 171 * destinations */ 172 int fast_server_permil; 173 /** number of fastest server to select from */ 174 size_t fast_server_num; |
|
138 139 /** automatic interface for incoming messages. Uses ipv6 remapping, 140 * and recvmsg/sendmsg ancillary data to detect interfaces, boolean */ 141 int if_automatic; 142 /** SO_RCVBUF size to set on port 53 UDP socket */ 143 size_t so_rcvbuf; 144 /** SO_SNDBUF size to set on port 53 UDP socket */ 145 size_t so_sndbuf; --- 16 unchanged lines hidden (view full) --- 162 char **out_ifs; 163 164 /** the root hints */ 165 struct config_strlist* root_hints; 166 /** the stub definitions, linked list */ 167 struct config_stub* stubs; 168 /** the forward zone definitions, linked list */ 169 struct config_stub* forwards; | 175 176 /** automatic interface for incoming messages. Uses ipv6 remapping, 177 * and recvmsg/sendmsg ancillary data to detect interfaces, boolean */ 178 int if_automatic; 179 /** SO_RCVBUF size to set on port 53 UDP socket */ 180 size_t so_rcvbuf; 181 /** SO_SNDBUF size to set on port 53 UDP socket */ 182 size_t so_sndbuf; --- 16 unchanged lines hidden (view full) --- 199 char **out_ifs; 200 201 /** the root hints */ 202 struct config_strlist* root_hints; 203 /** the stub definitions, linked list */ 204 struct config_stub* stubs; 205 /** the forward zone definitions, linked list */ 206 struct config_stub* forwards; |
207 /** the auth zone definitions, linked list */ 208 struct config_auth* auths; 209 /** the views definitions, linked list */ 210 struct config_view* views; |
|
170 /** list of donotquery addresses, linked list */ 171 struct config_strlist* donotqueryaddrs; | 211 /** list of donotquery addresses, linked list */ 212 struct config_strlist* donotqueryaddrs; |
213#ifdef CLIENT_SUBNET 214 /** list of servers we send edns-client-subnet option to and 215 * accept option from, linked list */ 216 struct config_strlist* client_subnet; 217 /** list of zones we send edns-client-subnet option for */ 218 struct config_strlist* client_subnet_zone; 219 /** opcode assigned by IANA for edns0-client-subnet option */ 220 uint16_t client_subnet_opcode; 221 /** Do not check whitelist if incoming query contains an ECS record */ 222 int client_subnet_always_forward; 223 /** Subnet length we are willing to give up privacy for */ 224 uint8_t max_client_subnet_ipv4; 225 uint8_t max_client_subnet_ipv6; 226 /** Minimum subnet length we are willing to answer */ 227 uint8_t min_client_subnet_ipv4; 228 uint8_t min_client_subnet_ipv6; 229 /** Max number of nodes in the ECS radix tree */ 230 uint32_t max_ecs_tree_size_ipv4; 231 uint32_t max_ecs_tree_size_ipv6; 232#endif |
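Review bot: `max_client_subnet_ipv4`/`max_client_subnet_ipv6` and `min_client_subnet_ipv4`/`min_client_subnet_ipv6` are `uint8_t` prefix lengths with no stated range, so a configured value above 32 (IPv4) or 128 (IPv6) still fits the type. The parser that fills them is outside this header and should reject such values; the comments should give the valid range. The second field of each of the three pairs has no comment of its own, so add one such as `/** same limit for IPv6 */`. Since `client_subnet_always_forward` skips the whitelist check according to its comment, that comment should also say what the default is.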
|
172 /** list of access control entries, linked list */ 173 struct config_str2list* acls; 174 /** use default localhost donotqueryaddr entries */ 175 int donotquery_localhost; 176 | 233 /** list of access control entries, linked list */ 234 struct config_str2list* acls; 235 /** use default localhost donotqueryaddr entries */ 236 int donotquery_localhost; 237 |
238 /** list of tcp connection limitss, linked list */ 239 struct config_str2list* tcp_connection_limits; 240 |
|
177 /** harden against very small edns buffer sizes */ 178 int harden_short_bufsize; 179 /** harden against very large query sizes */ 180 int harden_large_queries; 181 /** harden against spoofed glue (out of zone data) */ 182 int harden_glue; 183 /** harden against receiving no DNSSEC data for trust anchor */ 184 int harden_dnssec_stripped; --- 18 unchanged lines hidden (view full) --- 203 /** the number of seconds minimum TTL used for RRsets and messages */ 204 int min_ttl; 205 /** the number of seconds maximal negative TTL for SOA in auth */ 206 int max_negative_ttl; 207 /** if prefetching of messages should be performed. */ 208 int prefetch; 209 /** if prefetching of DNSKEYs should be performed. */ 210 int prefetch_key; | 241 /** harden against very small edns buffer sizes */ 242 int harden_short_bufsize; 243 /** harden against very large query sizes */ 244 int harden_large_queries; 245 /** harden against spoofed glue (out of zone data) */ 246 int harden_glue; 247 /** harden against receiving no DNSSEC data for trust anchor */ 248 int harden_dnssec_stripped; --- 18 unchanged lines hidden (view full) --- 267 /** the number of seconds minimum TTL used for RRsets and messages */ 268 int min_ttl; 269 /** the number of seconds maximal negative TTL for SOA in auth */ 270 int max_negative_ttl; 271 /** if prefetching of messages should be performed. */ 272 int prefetch; 273 /** if prefetching of DNSKEYs should be performed. */ 274 int prefetch_key; |
275 /** deny queries of type ANY with an empty answer */ 276 int deny_any; |
|
211 212 /** chrootdir, if not "" or chroot will be done */ 213 char* chrootdir; 214 /** username to change to, if not "". */ 215 char* username; 216 /** working directory */ 217 char* directory; 218 /** filename to log to. */ 219 char* logfile; 220 /** pidfile to write pid to. */ 221 char* pidfile; 222 223 /** should log messages be sent to syslogd */ 224 int use_syslog; 225 /** log timestamp in ascii UTC */ 226 int log_time_ascii; 227 /** log queries with one line per query */ 228 int log_queries; | 277 278 /** chrootdir, if not "" or chroot will be done */ 279 char* chrootdir; 280 /** username to change to, if not "". */ 281 char* username; 282 /** working directory */ 283 char* directory; 284 /** filename to log to. */ 285 char* logfile; 286 /** pidfile to write pid to. */ 287 char* pidfile; 288 289 /** should log messages be sent to syslogd */ 290 int use_syslog; 291 /** log timestamp in ascii UTC */ 292 int log_time_ascii; 293 /** log queries with one line per query */ 294 int log_queries; |
295 /** log replies with one line per reply */ 296 int log_replies; 297 /** tag log_queries and log_replies for filtering */ 298 int log_tag_queryreply; 299 /** log every local-zone hit **/ 300 int log_local_actions; 301 /** log servfails with a reason */ 302 int log_servfail; 303 /** log identity to report */ 304 char* log_identity; |
|
229 230 /** do not report identity (id.server, hostname.bind) */ 231 int hide_identity; 232 /** do not report version (version.server, version.bind) */ 233 int hide_version; | 305 306 /** do not report identity (id.server, hostname.bind) */ 307 int hide_identity; 308 /** do not report version (version.server, version.bind) */ 309 int hide_version; |
310 /** do not report trustanchor (trustanchor.unbound) */ 311 int hide_trustanchor; |
|
234 /** identity, hostname is returned if "". */ 235 char* identity; 236 /** version, package version returned if "". */ 237 char* version; 238 239 /** the module configuration string */ 240 char* module_conf; 241 --- 6 unchanged lines hidden (view full) --- 248 /** files with trusted DNSKEYs in named.conf format, list */ 249 struct config_strlist* trusted_keys_file_list; 250 /** DLV anchor file */ 251 char* dlv_anchor_file; 252 /** DLV anchor inline */ 253 struct config_strlist* dlv_anchor_list; 254 /** insecure domain list */ 255 struct config_strlist* domain_insecure; | 312 /** identity, hostname is returned if "". */ 313 char* identity; 314 /** version, package version returned if "". */ 315 char* version; 316 317 /** the module configuration string */ 318 char* module_conf; 319 --- 6 unchanged lines hidden (view full) --- 326 /** files with trusted DNSKEYs in named.conf format, list */ 327 struct config_strlist* trusted_keys_file_list; 328 /** DLV anchor file */ 329 char* dlv_anchor_file; 330 /** DLV anchor inline */ 331 struct config_strlist* dlv_anchor_list; 332 /** insecure domain list */ 333 struct config_strlist* domain_insecure; |
334 /** send key tag query */ 335 int trust_anchor_signaling; 336 /** enable root key sentinel */ 337 int root_key_sentinel; |
|
256 257 /** if not 0, this value is the validation date for RRSIGs */ 258 int32_t val_date_override; 259 /** the minimum for signature clock skew */ 260 int32_t val_sig_skew_min; 261 /** the maximum for signature clock skew */ 262 int32_t val_sig_skew_max; 263 /** this value sets the number of seconds before revalidating bogus */ 264 int bogus_ttl; 265 /** should validator clean additional section for secure msgs */ 266 int val_clean_additional; 267 /** log bogus messages by the validator */ 268 int val_log_level; 269 /** squelch val_log_level to log - this is library goes to callback */ 270 int val_log_squelch; 271 /** should validator allow bogus messages to go through */ 272 int val_permissive_mode; | 338 339 /** if not 0, this value is the validation date for RRSIGs */ 340 int32_t val_date_override; 341 /** the minimum for signature clock skew */ 342 int32_t val_sig_skew_min; 343 /** the maximum for signature clock skew */ 344 int32_t val_sig_skew_max; 345 /** this value sets the number of seconds before revalidating bogus */ 346 int bogus_ttl; 347 /** should validator clean additional section for secure msgs */ 348 int val_clean_additional; 349 /** log bogus messages by the validator */ 350 int val_log_level; 351 /** squelch val_log_level to log - this is library goes to callback */ 352 int val_log_squelch; 353 /** should validator allow bogus messages to go through */ 354 int val_permissive_mode; |
355 /** use cached NSEC records to synthesise (negative) answers */ 356 int aggressive_nsec; |
|
273 /** ignore the CD flag in incoming queries and refuse them bogus data */ 274 int ignore_cd; | 357 /** ignore the CD flag in incoming queries and refuse them bogus data */ 358 int ignore_cd; |
359 /** serve expired entries and prefetch them */ 360 int serve_expired; 361 /** serve expired entries until TTL after expiration */ 362 int serve_expired_ttl; 363 /** reset serve expired TTL after failed update attempt */ 364 int serve_expired_ttl_reset; |
|
275 /** nsec3 maximum iterations per key size, string */ 276 char* val_nsec3_key_iterations; 277 /** autotrust add holddown time, in seconds */ 278 unsigned int add_holddown; 279 /** autotrust del holddown time, in seconds */ 280 unsigned int del_holddown; 281 /** autotrust keep_missing time, in seconds. 0 is forever. */ 282 unsigned int keep_missing; --- 6 unchanged lines hidden (view full) --- 289 size_t key_cache_slabs; 290 /** size of the neg cache */ 291 size_t neg_cache_size; 292 293 /** local zones config */ 294 struct config_str2list* local_zones; 295 /** local zones nodefault list */ 296 struct config_strlist* local_zones_nodefault; | 365 /** nsec3 maximum iterations per key size, string */ 366 char* val_nsec3_key_iterations; 367 /** autotrust add holddown time, in seconds */ 368 unsigned int add_holddown; 369 /** autotrust del holddown time, in seconds */ 370 unsigned int del_holddown; 371 /** autotrust keep_missing time, in seconds. 0 is forever. */ 372 unsigned int keep_missing; --- 6 unchanged lines hidden (view full) --- 379 size_t key_cache_slabs; 380 /** size of the neg cache */ 381 size_t neg_cache_size; 382 383 /** local zones config */ 384 struct config_str2list* local_zones; 385 /** local zones nodefault list */ 386 struct config_strlist* local_zones_nodefault; |
387#ifdef USE_IPSET 388 /** local zones ipset list */ 389 struct config_strlist* local_zones_ipset; 390#endif 391 /** do not add any default local zone */ 392 int local_zones_disable_default; |
|
297 /** local data RRs configured */ 298 struct config_strlist* local_data; 299 /** local zone override types per netblock */ 300 struct config_str3list* local_zone_overrides; 301 /** unblock lan zones (reverse lookups for AS112 zones) */ 302 int unblock_lan_zones; 303 /** insecure lan zones (don't validate AS112 zones) */ 304 int insecure_lan_zones; 305 /** list of zonename, tagbitlist */ 306 struct config_strbytelist* local_zone_tags; 307 /** list of aclname, tagbitlist */ 308 struct config_strbytelist* acl_tags; 309 /** list of aclname, tagname, localzonetype */ 310 struct config_str3list* acl_tag_actions; 311 /** list of aclname, tagname, redirectdata */ 312 struct config_str3list* acl_tag_datas; | 393 /** local data RRs configured */ 394 struct config_strlist* local_data; 395 /** local zone override types per netblock */ 396 struct config_str3list* local_zone_overrides; 397 /** unblock lan zones (reverse lookups for AS112 zones) */ 398 int unblock_lan_zones; 399 /** insecure lan zones (don't validate AS112 zones) */ 400 int insecure_lan_zones; 401 /** list of zonename, tagbitlist */ 402 struct config_strbytelist* local_zone_tags; 403 /** list of aclname, tagbitlist */ 404 struct config_strbytelist* acl_tags; 405 /** list of aclname, tagname, localzonetype */ 406 struct config_str3list* acl_tag_actions; 407 /** list of aclname, tagname, redirectdata */ 408 struct config_str3list* acl_tag_datas; |
409 /** list of aclname, view*/ 410 struct config_str2list* acl_view; 411 /** list of IP-netblock, tagbitlist */ 412 struct config_strbytelist* respip_tags; 413 /** list of response-driven access control entries, linked list */ 414 struct config_str2list* respip_actions; 415 /** RRs configured for response-driven access controls */ 416 struct config_str2list* respip_data; |
|
313 /** tag list, array with tagname[i] is malloced string */ 314 char** tagname; 315 /** number of items in the taglist */ 316 int num_tags; 317 318 /** remote control section. enable toggle. */ 319 int remote_control_enable; 320 /** the interfaces the remote control should listen on */ | 417 /** tag list, array with tagname[i] is malloced string */ 418 char** tagname; 419 /** number of items in the taglist */ 420 int num_tags; 421 422 /** remote control section. enable toggle. */ 423 int remote_control_enable; 424 /** the interfaces the remote control should listen on */ |
321 struct config_strlist* control_ifs; | 425 struct config_strlist_head control_ifs; 426 /** if the use-cert option is set */ 427 int control_use_cert; |
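Review bot: The new comment on `control_use_cert`, `/** if the use-cert option is set */`, no longer says what the flag governs, while the line it replaces said `use certificates for remote control`. This flag appears to decide whether the control channel is protected by certificates, so keep that in the comment: `/** use certificates for remote control (control-use-cert option) */`. `control_ifs` also changes from a list pointer to an embedded `struct config_strlist_head`, so emptiness checks have to test `.first`; the code using it is outside this header.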
322 /** port number for the control port */ 323 int control_port; | 428 /** port number for the control port */ 429 int control_port; |
324 /** use certificates for remote control */ 325 int remote_control_use_cert; | |
326 /** private key file for server */ 327 char* server_key_file; 328 /** certificate file for server */ 329 char* server_cert_file; 330 /** private key file for unbound-control */ 331 char* control_key_file; 332 /** certificate file for unbound-control */ 333 char* control_cert_file; 334 335 /** Python script file */ | 430 /** private key file for server */ 431 char* server_key_file; 432 /** certificate file for server */ 433 char* server_cert_file; 434 /** private key file for unbound-control */ 435 char* control_key_file; 436 /** certificate file for unbound-control */ 437 char* control_cert_file; 438 439 /** Python script file */ |
336 char* python_script; | 440 struct config_strlist* python_script; |
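Review bot: Changing `python_script` from `char*` to `struct config_strlist*` still compiles without a diagnostic wherever the old field was handed to `free()`, which would now release only the head node and leak the strings and the rest of the list. The code that tears down `struct config_file` is not on this page and should be checked to use a list delete for this field. The comment still says `Python script file`; `/** Python script files, linked list */` matches the new type.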
337 | 441 |
442 /** Use systemd socket activation. */ 443 int use_systemd; 444 |
|
338 /** daemonize, i.e. fork into the background. */ 339 int do_daemonize; 340 341 /* minimal response when positive answer */ 342 int minimal_responses; 343 344 /* RRSet roundrobin */ 345 int rrset_roundrobin; 346 | 445 /** daemonize, i.e. fork into the background. */ 446 int do_daemonize; 447 448 /* minimal response when positive answer */ 449 int minimal_responses; 450 451 /* RRSet roundrobin */ 452 int rrset_roundrobin; 453 |
454 /* wait time for unknown server in msec */ 455 int unknown_server_time_limit; 456 |
|
347 /* maximum UDP response size */ 348 size_t max_udp_size; 349 350 /* DNS64 prefix */ 351 char* dns64_prefix; 352 353 /* Synthetize all AAAA record despite the presence of an authoritative one */ 354 int dns64_synthall; | 457 /* maximum UDP response size */ 458 size_t max_udp_size; 459 460 /* DNS64 prefix */ 461 char* dns64_prefix; 462 463 /* Synthetize all AAAA record despite the presence of an authoritative one */ 464 int dns64_synthall; |
465 /** ignore AAAAs for these domain names and use A record anyway */ 466 struct config_strlist* dns64_ignore_aaaa; |
|
355 356 /** true to enable dnstap support */ 357 int dnstap; 358 /** dnstap socket path */ 359 char* dnstap_socket_path; 360 /** true to send "identity" via dnstap */ 361 int dnstap_send_identity; 362 /** true to send "version" via dnstap */ --- 14 unchanged lines hidden (view full) --- 377 /** true to log dnstap FORWARDER_QUERY message events */ 378 int dnstap_log_forwarder_query_messages; 379 /** true to log dnstap FORWARDER_RESPONSE message events */ 380 int dnstap_log_forwarder_response_messages; 381 382 /** true to disable DNSSEC lameness check in iterator */ 383 int disable_dnssec_lame_check; 384 | 467 468 /** true to enable dnstap support */ 469 int dnstap; 470 /** dnstap socket path */ 471 char* dnstap_socket_path; 472 /** true to send "identity" via dnstap */ 473 int dnstap_send_identity; 474 /** true to send "version" via dnstap */ --- 14 unchanged lines hidden (view full) --- 489 /** true to log dnstap FORWARDER_QUERY message events */ 490 int dnstap_log_forwarder_query_messages; 491 /** true to log dnstap FORWARDER_RESPONSE message events */ 492 int dnstap_log_forwarder_response_messages; 493 494 /** true to disable DNSSEC lameness check in iterator */ 495 int disable_dnssec_lame_check; 496 |
385 /** ratelimit 0 is off, otherwise qps (unless overridden) */ | 497 /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ 498 int ip_ratelimit; 499 /** number of slabs for ip_ratelimit cache */ 500 size_t ip_ratelimit_slabs; 501 /** memory size in bytes for ip_ratelimit cache */ 502 size_t ip_ratelimit_size; 503 /** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ 504 int ip_ratelimit_factor; 505 506 /** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */ |
386 int ratelimit; 387 /** number of slabs for ratelimit cache */ 388 size_t ratelimit_slabs; 389 /** memory size in bytes for ratelimit cache */ 390 size_t ratelimit_size; 391 /** ratelimits for domain (exact match) */ 392 struct config_str2list* ratelimit_for_domain; 393 /** ratelimits below domain */ 394 struct config_str2list* ratelimit_below_domain; 395 /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ 396 int ratelimit_factor; 397 /** minimise outgoing QNAME and hide original QTYPE if possible */ 398 int qname_minimisation; | 507 int ratelimit; 508 /** number of slabs for ratelimit cache */ 509 size_t ratelimit_slabs; 510 /** memory size in bytes for ratelimit cache */ 511 size_t ratelimit_size; 512 /** ratelimits for domain (exact match) */ 513 struct config_str2list* ratelimit_for_domain; 514 /** ratelimits below domain */ 515 struct config_str2list* ratelimit_below_domain; 516 /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ 517 int ratelimit_factor; 518 /** minimise outgoing QNAME and hide original QTYPE if possible */ 519 int qname_minimisation; |
520 /** minimise QNAME in strict mode, minimise according to RFC. 521 * Do not apply fallback */ 522 int qname_minimisation_strict; 523 /** SHM data - true if shm is enabled */ 524 int shm_enable; 525 /** SHM data - key for the shm */ 526 int shm_key; 527 528 /** DNSCrypt */ 529 /** true to enable dnscrypt */ 530 int dnscrypt; 531 /** port on which to provide dnscrypt service */ 532 int dnscrypt_port; 533 /** provider name 2.dnscrypt-cert.example.com */ 534 char* dnscrypt_provider; 535 /** dnscrypt secret keys 1.key */ 536 struct config_strlist* dnscrypt_secret_key; 537 /** dnscrypt provider certs 1.cert */ 538 struct config_strlist* dnscrypt_provider_cert; 539 /** dnscrypt provider certs 1.cert which have been rotated and should not be 540 * advertised through DNS's providername TXT record but are required to be 541 * able to handle existing traffic using the old cert. */ 542 struct config_strlist* dnscrypt_provider_cert_rotated; 543 /** memory size in bytes for dnscrypt shared secrets cache */ 544 size_t dnscrypt_shared_secret_cache_size; 545 /** number of slabs for dnscrypt shared secrets cache */ 546 size_t dnscrypt_shared_secret_cache_slabs; 547 /** memory size in bytes for dnscrypt nonces cache */ 548 size_t dnscrypt_nonce_cache_size; 549 /** number of slabs for dnscrypt nonces cache */ 550 size_t dnscrypt_nonce_cache_slabs; 551 /** IPsec module */ 552#ifdef USE_IPSECMOD 553 /** false to bypass the IPsec module */ 554 int ipsecmod_enabled; 555 /** whitelisted domains for ipsecmod */ 556 struct config_strlist* ipsecmod_whitelist; 557 /** path to external hook */ 558 char* ipsecmod_hook; 559 /** true to proceed even with a bogus IPSECKEY */ 560 int ipsecmod_ignore_bogus; 561 /** max TTL for the A/AAAA records that call the hook */ 562 int ipsecmod_max_ttl; 563 /** false to proceed even when ipsecmod_hook fails */ 564 int ipsecmod_strict; 565#endif 566 567 /* cachedb module */ 568#ifdef USE_CACHEDB 569 /** backend DB name */ 570 char* cachedb_backend; 571 /** 
secret seed for hash key calculation */ 572 char* cachedb_secret; 573#ifdef USE_REDIS 574 /** redis server's IP address or host name */ 575 char* redis_server_host; 576 /** redis server's TCP port */ 577 int redis_server_port; 578 /** timeout (in ms) for communication with the redis server */ 579 int redis_timeout; 580#endif 581#endif 582 583 /* ipset module */ 584#ifdef USE_IPSET 585 char* ipset_name_v4; 586 char* ipset_name_v6; 587#endif |
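Review bot: `cachedb_secret` is described as the secret seed itself, and the struct's header comment says strings are malloced, so the value sits in an ordinary heap string for as long as the config lives. The release path and any code that prints or dumps options are outside this page; they should clear the string before `free()` and leave it out of any output. `ipset_name_v4` and `ipset_name_v6` are the only fields in this block without a comment; add one to each, presumably `/** name of the ipset that receives IPv4 addresses */` and the IPv6 equivalent, once confirmed against the module.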
|
399}; 400 | 588}; 589 |
401/** from cfg username, after daemonise setup performed */ | 590/** from cfg username, after daemonize setup performed */ |
402extern uid_t cfg_uid; | 591extern uid_t cfg_uid; |
403/** from cfg username, after daemonise setup performed */ | 592/** from cfg username, after daemonize setup performed */ |
404extern gid_t cfg_gid; 405/** debug and enable small timeouts */ 406extern int autr_permit_small_holddown; | 593extern gid_t cfg_gid; 594/** debug and enable small timeouts */ 595extern int autr_permit_small_holddown; |
596/** size (in bytes) of stream wait buffers max */ 597extern size_t stream_wait_max; |
|
407 408/** 409 * Stub config options 410 */ 411struct config_stub { 412 /** next in list */ 413 struct config_stub* next; 414 /** domain name (in text) of the stub apex domain */ 415 char* name; 416 /** list of stub nameserver hosts (domain name) */ 417 struct config_strlist* hosts; 418 /** list of stub nameserver addresses (IP address) */ 419 struct config_strlist* addrs; 420 /** if stub-prime is set */ 421 int isprime; 422 /** if forward-first is set (failover to without if fails) */ 423 int isfirst; | 598 599/** 600 * Stub config options 601 */ 602struct config_stub { 603 /** next in list */ 604 struct config_stub* next; 605 /** domain name (in text) of the stub apex domain */ 606 char* name; 607 /** list of stub nameserver hosts (domain name) */ 608 struct config_strlist* hosts; 609 /** list of stub nameserver addresses (IP address) */ 610 struct config_strlist* addrs; 611 /** if stub-prime is set */ 612 int isprime; 613 /** if forward-first is set (failover to without if fails) */ 614 int isfirst; |
615 /** use SSL for queries to this stub */ 616 int ssl_upstream; 617 /*** no cache */ 618 int no_cache; |
|
424}; 425 426/** | 619}; 620 621/** |
622 * Auth config options 623 */ 624struct config_auth { 625 /** next in list */ 626 struct config_auth* next; 627 /** domain name (in text) of the auth apex domain */ 628 char* name; 629 /** list of masters */ 630 struct config_strlist* masters; 631 /** list of urls */ 632 struct config_strlist* urls; 633 /** list of allow-notify */ 634 struct config_strlist* allow_notify; 635 /** zonefile (or NULL) */ 636 char* zonefile; 637 /** provide downstream answers */ 638 int for_downstream; 639 /** provide upstream answers */ 640 int for_upstream; 641 /** fallback to recursion to authorities if zone expired and other 642 * reasons perhaps (like, query bogus) */ 643 int fallback_enabled; 644}; 645 646/** 647 * View config options 648 */ 649struct config_view { 650 /** next in list */ 651 struct config_view* next; 652 /** view name */ 653 char* name; 654 /** local zones */ 655 struct config_str2list* local_zones; 656 /** local data RRs */ 657 struct config_strlist* local_data; 658 /** local zones nodefault list */ 659 struct config_strlist* local_zones_nodefault; 660#ifdef USE_IPSET 661 /** local zones ipset list */ 662 struct config_strlist* local_zones_ipset; 663#endif 664 /** Fallback to global local_zones when there is no match in the view 665 * view specific tree. 1 for yes, 0 for no */ 666 int isfirst; 667 /** predefined actions for particular IP address responses */ 668 struct config_str2list* respip_actions; 669 /** data complementing the 'redirect' response IP actions */ 670 struct config_str2list* respip_data; 671}; 672 673/** |
|
427 * List of strings for config options 428 */ 429struct config_strlist { 430 /** next item in list */ 431 struct config_strlist* next; 432 /** config option string */ 433 char* str; 434}; --- 33 unchanged lines hidden (view full) --- 468 struct config_strbytelist* next; 469 /** first string */ 470 char* str; 471 /** second bytestring */ 472 uint8_t* str2; 473 size_t str2len; 474}; 475 | 674 * List of strings for config options 675 */ 676struct config_strlist { 677 /** next item in list */ 678 struct config_strlist* next; 679 /** config option string */ 680 char* str; 681}; --- 33 unchanged lines hidden (view full) --- 715 struct config_strbytelist* next; 716 /** first string */ 717 char* str; 718 /** second bytestring */ 719 uint8_t* str2; 720 size_t str2len; 721}; 722 |
476/** List head for strlist processing, used for append operation. */ 477struct config_strlist_head { 478 /** first in list of text items */ 479 struct config_strlist* first; 480 /** last in list of text items */ 481 struct config_strlist* last; 482}; 483 | |
484/** 485 * Create config file structure. Filled with default values. 486 * @return: the new structure or NULL on memory error. 487 */ 488struct config_file* config_create(void); 489 490/** 491 * Create config file structure for library use. Filled with default values. --- 94 unchanged lines hidden (view full) --- 586 */ 587char* config_collate_cat(struct config_strlist* list); 588 589/** 590 * Append text at end of list. 591 * @param list: list head. zeroed at start. 592 * @param item: new item. malloced by caller. if NULL the insertion fails. 593 * @return true on success. | 723/** 724 * Create config file structure. Filled with default values. 725 * @return: the new structure or NULL on memory error. 726 */ 727struct config_file* config_create(void); 728 729/** 730 * Create config file structure for library use. Filled with default values. --- 94 unchanged lines hidden (view full) --- 825 */ 826char* config_collate_cat(struct config_strlist* list); 827 828/** 829 * Append text at end of list. 830 * @param list: list head. zeroed at start. 831 * @param item: new item. malloced by caller. if NULL the insertion fails. 832 * @return true on success. |
833 * on fail the item is free()ed. |
|
594 */ 595int cfg_strlist_append(struct config_strlist_head* list, char* item); 596 597/** | 834 */ 835int cfg_strlist_append(struct config_strlist_head* list, char* item); 836 837/** |
838 * Searches the end of a string list and appends the given text. 839 * @param head: pointer to strlist head variable. 840 * @param item: new item. malloced by caller. if NULL the insertion fails. 841 * @return true on success. 842 */ 843int cfg_strlist_append_ex(struct config_strlist** head, char* item); 844 845/** 846 * Find string in strlist. 847 * @param head: pointer to strlist head variable. 848 * @param item: the item to search for. 849 * @return: the element in the list when found, NULL otherwise. 850 */ 851struct config_strlist* cfg_strlist_find(struct config_strlist* head, 852 const char* item); 853 854/** |
|
598 * Insert string into strlist. 599 * @param head: pointer to strlist head variable. 600 * @param item: new item. malloced by caller. If NULL the insertion fails. 601 * @return: true on success. | 855 * Insert string into strlist. 856 * @param head: pointer to strlist head variable. 857 * @param item: new item. malloced by caller. If NULL the insertion fails. 858 * @return: true on success. |
859 * on fail, the item is free()d. |
|
602 */ 603int cfg_strlist_insert(struct config_strlist** head, char* item); 604 605/** insert with region for allocation. */ 606int cfg_region_strlist_insert(struct regional* region, 607 struct config_strlist** head, char* item); 608 609/** 610 * Insert string into str2list. 611 * @param head: pointer to str2list head variable. 612 * @param item: new item. malloced by caller. If NULL the insertion fails. 613 * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. 614 * @return: true on success. | 860 */ 861int cfg_strlist_insert(struct config_strlist** head, char* item); 862 863/** insert with region for allocation. */ 864int cfg_region_strlist_insert(struct regional* region, 865 struct config_strlist** head, char* item); 866 867/** 868 * Insert string into str2list. 869 * @param head: pointer to str2list head variable. 870 * @param item: new item. malloced by caller. If NULL the insertion fails. 871 * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. 872 * @return: true on success. |
873 * on fail, the item and i2 are free()d. |
|
615 */ 616int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2); 617 618/** 619 * Insert string into str3list. 620 * @param head: pointer to str3list head variable. 621 * @param item: new item. malloced by caller. If NULL the insertion fails. 622 * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. --- 54 unchanged lines hidden (view full) --- 677 678/** 679 * Delete items in config stub list. 680 * @param list: list. 681 */ 682void config_delstubs(struct config_stub* list); 683 684/** | 874 */ 875int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2); 876 877/** 878 * Insert string into str3list. 879 * @param head: pointer to str3list head variable. 880 * @param item: new item. malloced by caller. If NULL the insertion fails. 881 * @param i2: 2nd string, malloced by caller. If NULL the insertion fails. --- 54 unchanged lines hidden (view full) --- 936 937/** 938 * Delete items in config stub list. 939 * @param list: list. 940 */ 941void config_delstubs(struct config_stub* list); 942 943/** |
944 * Delete an auth item 945 * @param p: auth item 946 */ 947void config_delauth(struct config_auth* p); 948 949/** 950 * Delete items in config auth list. 951 * @param list: list. 952 */ 953void config_delauths(struct config_auth* list); 954 955/** 956 * Delete a view item 957 * @param p: view item 958 */ 959void config_delview(struct config_view* p); 960 961/** 962 * Delete items in config view list. 963 * @param list: list. 964 */ 965void config_delviews(struct config_view* list); 966 967/** check if config for remote control turns on IP-address interface 968 * with certificates or a named pipe without certificates. */ 969int options_remote_is_address(struct config_file* cfg); 970 971/** |
|
685 * Convert 14digit to time value 686 * @param str: string of 14 digits 687 * @return time value or 0 for error. 688 */ 689time_t cfg_convert_timeval(const char* str); 690 691/** 692 * Count number of values in the string. --- 150 unchanged lines hidden (view full) --- 843 * @param qstate: query state. 844 * @param str: explanation string 845 * @param dname: the dname. 846 */ 847void errinf_dname(struct module_qstate* qstate, const char* str, 848 uint8_t* dname); 849 850/** | 972 * Convert 14digit to time value 973 * @param str: string of 14 digits 974 * @return time value or 0 for error. 975 */ 976time_t cfg_convert_timeval(const char* str); 977 978/** 979 * Count number of values in the string. --- 150 unchanged lines hidden (view full) --- 1130 * @param qstate: query state. 1131 * @param str: explanation string 1132 * @param dname: the dname. 1133 */ 1134void errinf_dname(struct module_qstate* qstate, const char* str, 1135 uint8_t* dname); 1136 1137/** |
851 * Create error info in string | 1138 * Create error info in string. For validation failures. |
852 * @param qstate: query state. 853 * @return string or NULL on malloc failure (already logged). 854 * This string is malloced and has to be freed by caller. 855 */ | 1139 * @param qstate: query state. 1140 * @return string or NULL on malloc failure (already logged). 1141 * This string is malloced and has to be freed by caller. 1142 */ |
856char* errinf_to_str(struct module_qstate* qstate); | 1143char* errinf_to_str_bogus(struct module_qstate* qstate); |
857 858/** | 1144 1145/** |
1146 * Create error info in string. For other servfails. 1147 * @param qstate: query state. 1148 * @return string or NULL on malloc failure (already logged). 1149 * This string is malloced and has to be freed by caller. 1150 */ 1151char* errinf_to_str_servfail(struct module_qstate* qstate); 1152 1153/** |
|
859 * Used during options parsing 860 */ 861struct config_parser_state { 862 /** name of file being parser */ 863 char* filename; 864 /** line number in the file, starts at 1 */ 865 int line; 866 /** number of errors encountered */ --- 32 unchanged lines hidden (view full) --- 899 * exist on an error (logged with log_err) was encountered. 900 */ 901char* w_lookup_reg_str(const char* key, const char* name); 902 903/** Modify directory in options for module file name */ 904void w_config_adjust_directory(struct config_file* cfg); 905#endif /* UB_ON_WINDOWS */ 906 | 1154 * Used during options parsing 1155 */ 1156struct config_parser_state { 1157 /** name of file being parser */ 1158 char* filename; 1159 /** line number in the file, starts at 1 */ 1160 int line; 1161 /** number of errors encountered */ --- 32 unchanged lines hidden (view full) --- 1194 * exist on an error (logged with log_err) was encountered. 1195 */ 1196char* w_lookup_reg_str(const char* key, const char* name); 1197 1198/** Modify directory in options for module file name */ 1199void w_config_adjust_directory(struct config_file* cfg); 1200#endif /* UB_ON_WINDOWS */ 1201 |
1202/** debug option for unit tests. */ 1203extern int fake_dsa, fake_sha1; 1204 |
|
907#endif /* UTIL_CONFIG_FILE_H */ | 1205#endif /* UTIL_CONFIG_FILE_H */ |
1206 |
|