config_file.h revision 356345 
1/*
2 * util/config_file.h - reads and stores the config file for unbound.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains functions for the config file.
40 */
41
42#ifndef UTIL_CONFIG_FILE_H
43#define UTIL_CONFIG_FILE_H
44struct config_stub;
45struct config_auth;
46struct config_view;
47struct config_strlist;
48struct config_str2list;
49struct config_str3list;
50struct config_strbytelist;
51struct module_qstate;
52struct sock_list;
53struct ub_packed_rrset_key;
54struct regional;
55
56/** List head for strlist processing, used for append operation. */
57struct config_strlist_head {
58	/** first in list of text items */
59	struct config_strlist* first;
60	/** last in list of text items */
61	struct config_strlist* last;
62};
63
64/**
65 * The configuration options.
66 * Strings are malloced.
67 */
68struct config_file {
69	/** verbosity level as specified in the config file */
70	int verbosity;
71
72	/** statistics interval (in seconds) */
73	int stat_interval;
74	/** if false, statistics values are reset after printing them */
75	int stat_cumulative;
76	/** if true, the statistics are kept in greater detail */
77	int stat_extended;
78
79	/** number of threads to create */
80	int num_threads;
81
82	/** port on which queries are answered. */
83	int port;
84	/** do ip4 query support. */
85	int do_ip4;
86	/** do ip6 query support. */
87	int do_ip6;
88	/** prefer ip6 upstream queries. */
89	int prefer_ip6;
90	/** do udp query support. */
91	int do_udp;
92	/** do tcp query support. */
93	int do_tcp;
94	/** tcp upstream queries (no UDP upstream queries) */
95	int tcp_upstream;
96	/** udp upstream enabled when no UDP downstream is enabled (do_udp no)*/
97	int udp_upstream_without_downstream;
98	/** maximum segment size of tcp socket which queries are answered */
99	int tcp_mss;
100	/** maximum segment size of tcp socket for outgoing queries */
101	int outgoing_tcp_mss;
102	/** tcp idle timeout, in msec */
103	int tcp_idle_timeout;
104	/** do edns tcp keepalive */
105	int do_tcp_keepalive;
106	/** tcp keepalive timeout, in msec */
107	int tcp_keepalive_timeout;
108
109	/** private key file for dnstcp-ssl service (enabled if not NULL) */
110	char* ssl_service_key;
111	/** public key file for dnstcp-ssl service */
112	char* ssl_service_pem;
113	/** port on which to provide ssl service */
114	int ssl_port;
115	/** if outgoing tcp connections use SSL */
116	int ssl_upstream;
117	/** cert bundle for outgoing connections */
118	char* tls_cert_bundle;
119	/** should the system certificate store get added to the cert bundle */
120	int tls_win_cert;
121	/** additional tls ports */
122	struct config_strlist* tls_additional_port;
123	/** secret key used to encrypt and decrypt TLS session ticket */
124	struct config_strlist_head tls_session_ticket_keys;
125	/** TLS ciphers */
126	char* tls_ciphers;
127	/** TLS chiphersuites (TLSv1.3) */
128	char* tls_ciphersuites;
129
130	/** outgoing port range number of ports (per thread) */
131	int outgoing_num_ports;
132	/** number of outgoing tcp buffers per (per thread) */
133	size_t outgoing_num_tcp;
134	/** number of incoming tcp buffers per (per thread) */
135	size_t incoming_num_tcp;
136	/** allowed udp port numbers, array with 0 if not allowed */
137	int* outgoing_avail_ports;
138
139	/** EDNS buffer size to use */
140	size_t edns_buffer_size;
141	/** size of the stream wait buffers, max */
142	size_t stream_wait_size;
143	/** number of bytes buffer size for DNS messages */
144	size_t msg_buffer_size;
145	/** size of the message cache */
146	size_t msg_cache_size;
147	/** slabs in the message cache. */
148	size_t msg_cache_slabs;
149	/** number of queries every thread can service */
150	size_t num_queries_per_thread;
151	/** number of msec to wait before items can be jostled out */
152	size_t jostle_time;
153	/** size of the rrset cache */
154	size_t rrset_cache_size;
155	/** slabs in the rrset cache */
156	size_t rrset_cache_slabs;
157	/** host cache ttl in seconds */
158	int host_ttl;
159	/** number of slabs in the infra host cache */
160	size_t infra_cache_slabs;
161	/** max number of hosts in the infra cache */
162	size_t infra_cache_numhosts;
163	/** min value for infra cache rtt */
164	int infra_cache_min_rtt;
165	/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
166	int delay_close;
167
168	/** the target fetch policy for the iterator */
169	char* target_fetch_policy;
170	/** percent*10, how many times in 1000 to pick from the fastest
171	 * destinations */
172	int fast_server_permil;
173	/** number of fastest server to select from */
174	size_t fast_server_num;
175
176	/** automatic interface for incoming messages. Uses ipv6 remapping,
177	 * and recvmsg/sendmsg ancillary data to detect interfaces, boolean */
178	int if_automatic;
179	/** SO_RCVBUF size to set on port 53 UDP socket */
180	size_t so_rcvbuf;
181	/** SO_SNDBUF size to set on port 53 UDP socket */
182	size_t so_sndbuf;
183	/** SO_REUSEPORT requested on port 53 sockets */
184	int so_reuseport;
185	/** IP_TRANSPARENT socket option requested on port 53 sockets */
186	int ip_transparent;
187	/** IP_FREEBIND socket option request on port 53 sockets */
188	int ip_freebind;
189
190	/** number of interfaces to open. If 0 default all interfaces. */
191	int num_ifs;
192	/** interface description strings (IP addresses) */
193	char **ifs;
194
195	/** number of outgoing interfaces to open.
196	 * If 0 default all interfaces. */
197	int num_out_ifs;
198	/** outgoing interface description strings (IP addresses) */
199	char **out_ifs;
200
201	/** the root hints */
202	struct config_strlist* root_hints;
203	/** the stub definitions, linked list */
204	struct config_stub* stubs;
205	/** the forward zone definitions, linked list */
206	struct config_stub* forwards;
207	/** the auth zone definitions, linked list */
208	struct config_auth* auths;
209	/** the views definitions, linked list */
210	struct config_view* views;
211	/** list of donotquery addresses, linked list */
212	struct config_strlist* donotqueryaddrs;
213#ifdef CLIENT_SUBNET
214	/** list of servers we send edns-client-subnet option to and
215	 * accept option from, linked list */
216	struct config_strlist* client_subnet;
217	/** list of zones we send edns-client-subnet option for */
218	struct config_strlist* client_subnet_zone;
219	/** opcode assigned by IANA for edns0-client-subnet option */
220	uint16_t client_subnet_opcode;
221	/** Do not check whitelist if incoming query contains an ECS record */
222	int client_subnet_always_forward;
223	/** Subnet length we are willing to give up privacy for */
224	uint8_t max_client_subnet_ipv4;
225	uint8_t max_client_subnet_ipv6;
226	/** Minimum subnet length we are willing to answer */
227	uint8_t min_client_subnet_ipv4;
228	uint8_t min_client_subnet_ipv6;
229	/** Max number of nodes in the ECS radix tree */
230	uint32_t max_ecs_tree_size_ipv4;
231	uint32_t max_ecs_tree_size_ipv6;
232#endif
233	/** list of access control entries, linked list */
234	struct config_str2list* acls;
235	/** use default localhost donotqueryaddr entries */
236	int donotquery_localhost;
237
238	/** list of tcp connection limitss, linked list */
239	struct config_str2list* tcp_connection_limits;
240
241	/** harden against very small edns buffer sizes */
242	int harden_short_bufsize;
243	/** harden against very large query sizes */
244	int harden_large_queries;
245	/** harden against spoofed glue (out of zone data) */
246	int harden_glue;
247	/** harden against receiving no DNSSEC data for trust anchor */
248	int harden_dnssec_stripped;
249	/** harden against queries that fall under known nxdomain names */
250	int harden_below_nxdomain;
251	/** harden the referral path, query for NS,A,AAAA and validate */
252	int harden_referral_path;
253	/** harden against algorithm downgrade */
254	int harden_algo_downgrade;
255	/** use 0x20 bits in query as random ID bits */
256	int use_caps_bits_for_id;
257	/** 0x20 whitelist, domains that do not use capsforid */
258	struct config_strlist* caps_whitelist;
259	/** strip away these private addrs from answers, no DNS Rebinding */
260	struct config_strlist* private_address;
261	/** allow domain (and subdomains) to use private address space */
262	struct config_strlist* private_domain;
263	/** what threshold for unwanted action. */
264	size_t unwanted_threshold;
265	/** the number of seconds maximal TTL used for RRsets and messages */
266	int max_ttl;
267	/** the number of seconds minimum TTL used for RRsets and messages */
268	int min_ttl;
269	/** the number of seconds maximal negative TTL for SOA in auth */
270	int max_negative_ttl;
271	/** if prefetching of messages should be performed. */
272	int prefetch;
273	/** if prefetching of DNSKEYs should be performed. */
274	int prefetch_key;
275	/** deny queries of type ANY with an empty answer */
276	int deny_any;
277
278	/** chrootdir, if not "" or chroot will be done */
279	char* chrootdir;
280	/** username to change to, if not "". */
281	char* username;
282	/** working directory */
283	char* directory;
284	/** filename to log to. */
285	char* logfile;
286	/** pidfile to write pid to. */
287	char* pidfile;
288
289	/** should log messages be sent to syslogd */
290	int use_syslog;
291	/** log timestamp in ascii UTC */
292	int log_time_ascii;
293	/** log queries with one line per query */
294	int log_queries;
295	/** log replies with one line per reply */
296	int log_replies;
297	/** tag log_queries and log_replies for filtering */
298	int log_tag_queryreply;
299	/** log every local-zone hit **/
300	int log_local_actions;
301	/** log servfails with a reason */
302	int log_servfail;
303	/** log identity to report */
304	char* log_identity;
305
306	/** do not report identity (id.server, hostname.bind) */
307	int hide_identity;
308	/** do not report version (version.server, version.bind) */
309	int hide_version;
310	/** do not report trustanchor (trustanchor.unbound) */
311	int hide_trustanchor;
312	/** identity, hostname is returned if "". */
313	char* identity;
314	/** version, package version returned if "". */
315	char* version;
316
317	/** the module configuration string */
318	char* module_conf;
319
320	/** files with trusted DS and DNSKEYs in zonefile format, list */
321	struct config_strlist* trust_anchor_file_list;
322	/** list of trustanchor keys, linked list */
323	struct config_strlist* trust_anchor_list;
324	/** files with 5011 autotrust tracked keys */
325	struct config_strlist* auto_trust_anchor_file_list;
326	/** files with trusted DNSKEYs in named.conf format, list */
327	struct config_strlist* trusted_keys_file_list;
328	/** DLV anchor file */
329	char* dlv_anchor_file;
330	/** DLV anchor inline */
331	struct config_strlist* dlv_anchor_list;
332	/** insecure domain list */
333	struct config_strlist* domain_insecure;
334	/** send key tag query */
335	int trust_anchor_signaling;
336	/** enable root key sentinel */
337	int root_key_sentinel;
338
339	/** if not 0, this value is the validation date for RRSIGs */
340	int32_t val_date_override;
341	/** the minimum for signature clock skew */
342	int32_t val_sig_skew_min;
343	/** the maximum for signature clock skew */
344	int32_t val_sig_skew_max;
345	/** this value sets the number of seconds before revalidating bogus */
346	int bogus_ttl;
347	/** should validator clean additional section for secure msgs */
348	int val_clean_additional;
349	/** log bogus messages by the validator */
350	int val_log_level;
351	/** squelch val_log_level to log - this is library goes to callback */
352	int val_log_squelch;
353	/** should validator allow bogus messages to go through */
354	int val_permissive_mode;
355	/** use cached NSEC records to synthesise (negative) answers */
356	int aggressive_nsec;
357	/** ignore the CD flag in incoming queries and refuse them bogus data */
358	int ignore_cd;
359	/** serve expired entries and prefetch them */
360	int serve_expired;
361	/** serve expired entries until TTL after expiration */
362	int serve_expired_ttl;
363	/** reset serve expired TTL after failed update attempt */
364	int serve_expired_ttl_reset;
365	/** nsec3 maximum iterations per key size, string */
366	char* val_nsec3_key_iterations;
367	/** autotrust add holddown time, in seconds */
368	unsigned int add_holddown;
369	/** autotrust del holddown time, in seconds */
370	unsigned int del_holddown;
371	/** autotrust keep_missing time, in seconds. 0 is forever. */
372	unsigned int keep_missing;
373	/** permit small holddown values, allowing 5011 rollover very fast */
374	int permit_small_holddown;
375
376	/** size of the key cache */
377	size_t key_cache_size;
378	/** slabs in the key cache. */
379	size_t key_cache_slabs;
380	/** size of the neg cache */
381	size_t neg_cache_size;
382
383	/** local zones config */
384	struct config_str2list* local_zones;
385	/** local zones nodefault list */
386	struct config_strlist* local_zones_nodefault;
387#ifdef USE_IPSET
388	/** local zones ipset list */
389	struct config_strlist* local_zones_ipset;
390#endif
391	/** do not add any default local zone */
392	int local_zones_disable_default;
393	/** local data RRs configured */
394	struct config_strlist* local_data;
395	/** local zone override types per netblock */
396	struct config_str3list* local_zone_overrides;
397	/** unblock lan zones (reverse lookups for AS112 zones) */
398	int unblock_lan_zones;
399	/** insecure lan zones (don't validate AS112 zones) */
400	int insecure_lan_zones;
401	/** list of zonename, tagbitlist */
402	struct config_strbytelist* local_zone_tags;
403	/** list of aclname, tagbitlist */
404	struct config_strbytelist* acl_tags;
405	/** list of aclname, tagname, localzonetype */
406	struct config_str3list* acl_tag_actions;
407	/** list of aclname, tagname, redirectdata */
408	struct config_str3list* acl_tag_datas;
409	/** list of aclname, view*/
410	struct config_str2list* acl_view;
411	/** list of IP-netblock, tagbitlist */
412	struct config_strbytelist* respip_tags;
413	/** list of response-driven access control entries, linked list */
414	struct config_str2list* respip_actions;
415	/** RRs configured for response-driven access controls */
416	struct config_str2list* respip_data;
417	/** tag list, array with tagname[i] is malloced string */
418	char** tagname;
419	/** number of items in the taglist */
420	int num_tags;
421
422	/** remote control section. enable toggle. */
423	int remote_control_enable;
424	/** the interfaces the remote control should listen on */
425	struct config_strlist_head control_ifs;
426	/** if the use-cert option is set */
427	int control_use_cert;
428	/** port number for the control port */
429	int control_port;
430	/** private key file for server */
431	char* server_key_file;
432	/** certificate file for server */
433	char* server_cert_file;
434	/** private key file for unbound-control */
435	char* control_key_file;
436	/** certificate file for unbound-control */
437	char* control_cert_file;
438
439	/** Python script file */
440	struct config_strlist* python_script;
441
442	/** Use systemd socket activation. */
443	int use_systemd;
444
445	/** daemonize, i.e. fork into the background. */
446	int do_daemonize;
447
448	/* minimal response when positive answer */
449	int minimal_responses;
450
451	/* RRSet roundrobin */
452	int rrset_roundrobin;
453
454	/* wait time for unknown server in msec */
455	int unknown_server_time_limit;
456
457	/* maximum UDP response size */
458	size_t max_udp_size;
459
460	/* DNS64 prefix */
461	char* dns64_prefix;
462
463	/* Synthetize all AAAA record despite the presence of an authoritative one */
464	int dns64_synthall;
465	/** ignore AAAAs for these domain names and use A record anyway */
466	struct config_strlist* dns64_ignore_aaaa;
467
468	/** true to enable dnstap support */
469	int dnstap;
470	/** dnstap socket path */
471	char* dnstap_socket_path;
472	/** true to send "identity" via dnstap */
473	int dnstap_send_identity;
474	/** true to send "version" via dnstap */
475	int dnstap_send_version;
476	/** dnstap "identity", hostname is used if "". */
477	char* dnstap_identity;
478	/** dnstap "version", package version is used if "". */
479	char* dnstap_version;
480
481	/** true to log dnstap RESOLVER_QUERY message events */
482	int dnstap_log_resolver_query_messages;
483	/** true to log dnstap RESOLVER_RESPONSE message events */
484	int dnstap_log_resolver_response_messages;
485	/** true to log dnstap CLIENT_QUERY message events */
486	int dnstap_log_client_query_messages;
487	/** true to log dnstap CLIENT_RESPONSE message events */
488	int dnstap_log_client_response_messages;
489	/** true to log dnstap FORWARDER_QUERY message events */
490	int dnstap_log_forwarder_query_messages;
491	/** true to log dnstap FORWARDER_RESPONSE message events */
492	int dnstap_log_forwarder_response_messages;
493
494	/** true to disable DNSSEC lameness check in iterator */
495	int disable_dnssec_lame_check;
496
497	/** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */
498	int ip_ratelimit;
499	/** number of slabs for ip_ratelimit cache */
500	size_t ip_ratelimit_slabs;
501	/** memory size in bytes for ip_ratelimit cache */
502	size_t ip_ratelimit_size;
503	/** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
504	int ip_ratelimit_factor;
505
506	/** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */
507	int ratelimit;
508	/** number of slabs for ratelimit cache */
509	size_t ratelimit_slabs;
510	/** memory size in bytes for ratelimit cache */
511	size_t ratelimit_size;
512	/** ratelimits for domain (exact match) */
513	struct config_str2list* ratelimit_for_domain;
514	/** ratelimits below domain */
515	struct config_str2list* ratelimit_below_domain;
516	/** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
517	int ratelimit_factor;
518	/** minimise outgoing QNAME and hide original QTYPE if possible */
519	int qname_minimisation;
520	/** minimise QNAME in strict mode, minimise according to RFC.
521	 *  Do not apply fallback */
522	int qname_minimisation_strict;
523	/** SHM data - true if shm is enabled */
524	int shm_enable;
525	/** SHM data - key for the shm */
526	int shm_key;
527
528	/** DNSCrypt */
529	/** true to enable dnscrypt */
530	int dnscrypt;
531	/** port on which to provide dnscrypt service */
532	int dnscrypt_port;
533	/** provider name 2.dnscrypt-cert.example.com */
534	char* dnscrypt_provider;
535	/** dnscrypt secret keys 1.key */
536	struct config_strlist* dnscrypt_secret_key;
537	/** dnscrypt provider certs 1.cert */
538	struct config_strlist* dnscrypt_provider_cert;
539	/** dnscrypt provider certs 1.cert which have been rotated and should not be
540	* advertised through DNS's providername TXT record but are required to be
541	* able to handle existing traffic using the old cert. */
542	struct config_strlist* dnscrypt_provider_cert_rotated;
543	/** memory size in bytes for dnscrypt shared secrets cache */
544	size_t dnscrypt_shared_secret_cache_size;
545	/** number of slabs for dnscrypt shared secrets cache */
546	size_t dnscrypt_shared_secret_cache_slabs;
547	/** memory size in bytes for dnscrypt nonces cache */
548	size_t dnscrypt_nonce_cache_size;
549	/** number of slabs for dnscrypt nonces cache */
550	size_t dnscrypt_nonce_cache_slabs;
551	/** IPsec module */
552#ifdef USE_IPSECMOD
553	/** false to bypass the IPsec module */
554	int ipsecmod_enabled;
555	/** whitelisted domains for ipsecmod */
556	struct config_strlist* ipsecmod_whitelist;
557	/** path to external hook */
558	char* ipsecmod_hook;
559	/** true to proceed even with a bogus IPSECKEY */
560	int ipsecmod_ignore_bogus;
561	/** max TTL for the A/AAAA records that call the hook */
562	int ipsecmod_max_ttl;
563	/** false to proceed even when ipsecmod_hook fails */
564	int ipsecmod_strict;
565#endif
566
567	/* cachedb module */
568#ifdef USE_CACHEDB
569	/** backend DB name */
570	char* cachedb_backend;
571	/** secret seed for hash key calculation */
572	char* cachedb_secret;
573#ifdef USE_REDIS
574	/** redis server's IP address or host name */
575	char* redis_server_host;
576	/** redis server's TCP port */
577	int redis_server_port;
578	/** timeout (in ms) for communication with the redis server */
579	int redis_timeout;
580#endif
581#endif
582
583	/* ipset module */
584#ifdef USE_IPSET
585	char* ipset_name_v4;
586	char* ipset_name_v6;
587#endif
588};
589
590/** from cfg username, after daemonize setup performed */
591extern uid_t cfg_uid;
592/** from cfg username, after daemonize setup performed */
593extern gid_t cfg_gid;
594/** debug and enable small timeouts */
595extern int autr_permit_small_holddown;
596/** size (in bytes) of stream wait buffers max */
597extern size_t stream_wait_max;
598
599/**
600 * Stub config options
601 */
602struct config_stub {
603	/** next in list */
604	struct config_stub* next;
605	/** domain name (in text) of the stub apex domain */
606	char* name;
607	/** list of stub nameserver hosts (domain name) */
608	struct config_strlist* hosts;
609	/** list of stub nameserver addresses (IP address) */
610	struct config_strlist* addrs;
611	/** if stub-prime is set */
612	int isprime;
613	/** if forward-first is set (failover to without if fails) */
614	int isfirst;
615	/** use SSL for queries to this stub */
616	int ssl_upstream;
617	/*** no cache */
618	int no_cache;
619};
620
621/**
622 * Auth config options
623 */
624struct config_auth {
625	/** next in list */
626	struct config_auth* next;
627	/** domain name (in text) of the auth apex domain */
628	char* name;
629	/** list of masters */
630	struct config_strlist* masters;
631	/** list of urls */
632	struct config_strlist* urls;
633	/** list of allow-notify */
634	struct config_strlist* allow_notify;
635	/** zonefile (or NULL) */
636	char* zonefile;
637	/** provide downstream answers */
638	int for_downstream;
639	/** provide upstream answers */
640	int for_upstream;
641	/** fallback to recursion to authorities if zone expired and other
642	 * reasons perhaps (like, query bogus) */
643	int fallback_enabled;
644};
645
646/**
647 * View config options
648 */
649struct config_view {
650	/** next in list */
651	struct config_view* next;
652	/** view name */
653	char* name;
654	/** local zones */
655	struct config_str2list* local_zones;
656	/** local data RRs */
657	struct config_strlist* local_data;
658	/** local zones nodefault list */
659	struct config_strlist* local_zones_nodefault;
660#ifdef USE_IPSET
661	/** local zones ipset list */
662	struct config_strlist* local_zones_ipset;
663#endif
664	/** Fallback to global local_zones when there is no match in the view
665	 * view specific tree. 1 for yes, 0 for no */
666	int isfirst;
667	/** predefined actions for particular IP address responses */
668	struct config_str2list* respip_actions;
669	/** data complementing the 'redirect' response IP actions */
670	struct config_str2list* respip_data;
671};
672
673/**
674 * List of strings for config options
675 */
676struct config_strlist {
677	/** next item in list */
678	struct config_strlist* next;
679	/** config option string */
680	char* str;
681};
682
683/**
684 * List of two strings for config options
685 */
686struct config_str2list {
687	/** next item in list */
688	struct config_str2list* next;
689	/** first string */
690	char* str;
691	/** second string */
692	char* str2;
693};
694
695/**
696 * List of three strings for config options
697 */
698struct config_str3list {
699	/** next item in list */
700	struct config_str3list* next;
701	/** first string */
702	char* str;
703	/** second string */
704	char* str2;
705	/** third string */
706	char* str3;
707};
708
709
710/**
711 * List of string, bytestring for config options
712 */
713struct config_strbytelist {
714	/** next item in list */
715	struct config_strbytelist* next;
716	/** first string */
717	char* str;
718	/** second bytestring */
719	uint8_t* str2;
720	size_t str2len;
721};
722
723/**
724 * Create config file structure. Filled with default values.
725 * @return: the new structure or NULL on memory error.
726 */
727struct config_file* config_create(void);
728
729/**
730 * Create config file structure for library use. Filled with default values.
731 * @return: the new structure or NULL on memory error.
732 */
733struct config_file* config_create_forlib(void);
734
735/**
736 * Read the config file from the specified filename.
737 * @param config: where options are stored into, must be freshly created.
738 * @param filename: name of configfile. If NULL nothing is done.
739 * @param chroot: if not NULL, the chroot dir currently in use (for include).
740 * @return: false on error. In that case errno is set, ENOENT means
741 * 	file not found.
742 */
743int config_read(struct config_file* config, const char* filename,
744	const char* chroot);
745
746/**
747 * Destroy the config file structure.
748 * @param config: to delete.
749 */
750void config_delete(struct config_file* config);
751
752/**
753 * Apply config to global constants; this routine is called in single thread.
754 * @param config: to apply. Side effect: global constants change.
755 */
756void config_apply(struct config_file* config);
757
758/**
759 * Find username, sets cfg_uid and cfg_gid.
760 * @param config: the config structure.
761 */
762void config_lookup_uid(struct config_file* config);
763
764/**
765 * Set the given keyword to the given value.
766 * @param config: where to store config
767 * @param option: option name, including the ':' character.
768 * @param value: value, this string is copied if needed, or parsed.
769 * 	The caller owns the value string.
770 * @return 0 on error (malloc or syntax error).
771 */
772int config_set_option(struct config_file* config, const char* option,
773	const char* value);
774
775/**
776 * Call print routine for the given option.
777 * @param cfg: config.
778 * @param opt: option name without trailing :.
779 *	This is different from config_set_option.
780 * @param func: print func, called as (str, arg) for every data element.
781 * @param arg: user argument for print func.
782 * @return false if the option name is not supported (syntax error).
783 */
784int config_get_option(struct config_file* cfg, const char* opt,
785	void (*func)(char*,void*), void* arg);
786
787/**
788 * Get an option and return strlist
789 * @param cfg: config file
790 * @param opt: option name.
791 * @param list: list is returned here. malloced, caller must free it.
792 * @return 0=OK, 1=syntax error, 2=malloc failed.
793 */
794int config_get_option_list(struct config_file* cfg, const char* opt,
795	struct config_strlist** list);
796
797/**
798 * Get an option and collate results into string
799 * @param cfg: config file
800 * @param opt: option name.
801 * @param str: string. malloced, caller must free it.
802 * @return 0=OK, 1=syntax error, 2=malloc failed.
803 */
804int config_get_option_collate(struct config_file* cfg, const char* opt,
805	char** str);
806
807/**
808 * function to print to a file, use as func with config_get_option.
809 * @param line: text to print. \n appended.
810 * @param arg: pass a FILE*, like stdout.
811 */
812void config_print_func(char* line, void* arg);
813
814/**
815 * function to collate the text strings into a strlist_head.
816 * @param line: text to append.
817 * @param arg: pass a strlist_head structure. zeroed on start.
818 */
819void config_collate_func(char* line, void* arg);
820
821/**
822 * take a strlist_head list and return a malloc string. separated with newline.
823 * @param list: strlist first to collate. zeroes return "".
824 * @return NULL on malloc failure. Or if malloc failure happened in strlist.
825 */
826char* config_collate_cat(struct config_strlist* list);
827
828/**
829 * Append text at end of list.
830 * @param list: list head. zeroed at start.
831 * @param item: new item. malloced by caller. if NULL the insertion fails.
832 * @return true on success.
833 * on fail the item is free()ed.
834 */
835int cfg_strlist_append(struct config_strlist_head* list, char* item);
836
837/**
838 * Searches the end of a string list and appends the given text.
839 * @param head: pointer to strlist head variable.
840 * @param item: new item. malloced by caller. if NULL the insertion fails.
841 * @return true on success.
842 */
843int cfg_strlist_append_ex(struct config_strlist** head, char* item);
844
845/**
846 * Find string in strlist.
847 * @param head: pointer to strlist head variable.
848 * @param item: the item to search for.
849 * @return: the element in the list when found, NULL otherwise.
850 */
851struct config_strlist* cfg_strlist_find(struct config_strlist* head,
852	const char* item);
853
854/**
855 * Insert string into strlist.
856 * @param head: pointer to strlist head variable.
857 * @param item: new item. malloced by caller. If NULL the insertion fails.
858 * @return: true on success.
859 * on fail, the item is free()d.
860 */
861int cfg_strlist_insert(struct config_strlist** head, char* item);
862
863/** insert with region for allocation. */
864int cfg_region_strlist_insert(struct regional* region,
865	struct config_strlist** head, char* item);
866
867/**
868 * Insert string into str2list.
869 * @param head: pointer to str2list head variable.
870 * @param item: new item. malloced by caller. If NULL the insertion fails.
871 * @param i2: 2nd string, malloced by caller. If NULL the insertion fails.
872 * @return: true on success.
873 * on fail, the item and i2 are free()d.
874 */
875int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2);
876
877/**
878 * Insert string into str3list.
879 * @param head: pointer to str3list head variable.
880 * @param item: new item. malloced by caller. If NULL the insertion fails.
881 * @param i2: 2nd string, malloced by caller. If NULL the insertion fails.
882 * @param i3: 3rd string, malloced by caller. If NULL the insertion fails.
883 * @return: true on success.
884 */
885int cfg_str3list_insert(struct config_str3list** head, char* item, char* i2,
886	char* i3);
887
888/**
889 * Insert string into strbytelist.
890 * @param head: pointer to strbytelist head variable.
891 * @param item: new item. malloced by caller. If NULL the insertion fails.
892 * @param i2: 2nd string, malloced by caller. If NULL the insertion fails.
893 * @param i2len: length of the i2 bytestring.
894 * @return: true on success.
895 */
896int cfg_strbytelist_insert(struct config_strbytelist** head, char* item,
897	uint8_t* i2, size_t i2len);
898
899/**
900 * Find stub in config list, also returns prevptr (for deletion).
901 * @param pp: call routine with pointer to a pointer to the start of the list,
902 * 	if the stub is found, on exit, the value contains a pointer to the
903 * 	next pointer that points to the found element (or to the list start
904 * 	pointer if it is the first element).
905 * @param nm: name of stub to find.
906 * @return: pointer to config_stub if found, or NULL if not found.
907 */
908struct config_stub* cfg_stub_find(struct config_stub*** pp, const char* nm);
909
910/**
911 * Delete items in config string list.
912 * @param list: list.
913 */
914void config_delstrlist(struct config_strlist* list);
915
916/**
917 * Delete items in config double string list.
918 * @param list: list.
919 */
920void config_deldblstrlist(struct config_str2list* list);
921
922/**
923 * Delete items in config triple string list.
924 * @param list: list.
925 */
926void config_deltrplstrlist(struct config_str3list* list);
927
928/** delete stringbytelist */
929void config_del_strbytelist(struct config_strbytelist* list);
930
931/**
932 * Delete a stub item
933 * @param p: stub item
934 */
935void config_delstub(struct config_stub* p);
936
937/**
938 * Delete items in config stub list.
939 * @param list: list.
940 */
941void config_delstubs(struct config_stub* list);
942
943/**
944 * Delete an auth item
945 * @param p: auth item
946 */
947void config_delauth(struct config_auth* p);
948
949/**
950 * Delete items in config auth list.
951 * @param list: list.
952 */
953void config_delauths(struct config_auth* list);
954
955/**
956 * Delete a view item
957 * @param p: view item
958 */
959void config_delview(struct config_view* p);
960
961/**
962 * Delete items in config view list.
963 * @param list: list.
964 */
965void config_delviews(struct config_view* list);
966
967/** check if config for remote control turns on IP-address interface
968 * with certificates or a named pipe without certificates. */
969int options_remote_is_address(struct config_file* cfg);
970
971/**
972 * Convert 14digit to time value
973 * @param str: string of 14 digits
974 * @return time value or 0 for error.
975 */
976time_t cfg_convert_timeval(const char* str);
977
978/**
979 * Count number of values in the string.
980 * format ::= (sp num)+ sp
981 * num ::= [-](0-9)+
982 * sp ::= (space|tab)*
983 *
984 * @param str: string
985 * @return: 0 on parse error, or empty string, else
986 *	number of integer values in the string.
987 */
988int cfg_count_numbers(const char* str);
989
990/**
991 * Convert a 'nice' memory or file size into a bytecount
992 * From '100k' to 102400. and so on. Understands kKmMgG.
993 * k=1024, m=1024*1024, g=1024*1024*1024.
994 * @param str: string
995 * @param res: result is stored here, size in bytes.
996 * @return: true if parsed correctly, or 0 on a parse error (and an error
997 * is logged).
998 */
999int cfg_parse_memsize(const char* str, size_t* res);
1000
1001/**
1002 * Add a tag name to the config.  It is added at the end with a new ID value.
1003 * @param cfg: the config structure.
1004 * @param tag: string (which is copied) with the name.
1005 * @return: false on alloc failure.
1006 */
1007int config_add_tag(struct config_file* cfg, const char* tag);
1008
1009/**
1010 * Find tag ID in the tag list.
1011 * @param cfg: the config structure.
1012 * @param tag: string with tag name to search for.
1013 * @return: 0..(num_tags-1) with tag ID, or -1 if tagname is not found.
1014 */
1015int find_tag_id(struct config_file* cfg, const char* tag);
1016
1017/**
1018 * parse taglist from string into bytestring with bitlist.
1019 * @param cfg: the config structure (with tagnames)
1020 * @param str: the string to parse.  Parse puts 0 bytes in string.
1021 * @param listlen: returns length of in bytes.
1022 * @return malloced bytes with a bitlist of the tags.  or NULL on parse error
1023 * or malloc failure.
1024 */
1025uint8_t* config_parse_taglist(struct config_file* cfg, char* str,
1026	size_t* listlen);
1027
1028/**
1029 * convert tag bitlist to a malloced string with tag names.  For debug output.
1030 * @param cfg: the config structure (with tagnames)
1031 * @param taglist: the tag bitlist.
1032 * @param len: length of the tag bitlist.
1033 * @return malloced string or NULL.
1034 */
1035char* config_taglist2str(struct config_file* cfg, uint8_t* taglist,
1036	size_t len);
1037
1038/**
1039 * see if two taglists intersect (have tags in common).
1040 * @param list1: first tag bitlist.
1041 * @param list1len: length in bytes of first list.
1042 * @param list2: second tag bitlist.
1043 * @param list2len: length in bytes of second list.
1044 * @return true if there are tags in common, 0 if not.
1045 */
1046int taglist_intersect(uint8_t* list1, size_t list1len, uint8_t* list2,
1047	size_t list2len);
1048
1049/**
1050 * Parse local-zone directive into two strings and register it in the config.
1051 * @param cfg: to put it in.
1052 * @param val: argument strings to local-zone, "example.com nodefault".
1053 * @return: false on failure
1054 */
1055int cfg_parse_local_zone(struct config_file* cfg, const char* val);
1056
1057/**
1058 * Mark "number" or "low-high" as available or not in ports array.
1059 * @param str: string in input
1060 * @param allow: give true if this range is permitted.
1061 * @param avail: the array from cfg.
1062 * @param num: size of the array (65536).
1063 * @return: true if parsed correctly, or 0 on a parse error (and an error
1064 * is logged).
1065 */
1066int cfg_mark_ports(const char* str, int allow, int* avail, int num);
1067
1068/**
1069 * Get a condensed list of ports returned. allocated.
1070 * @param cfg: config file.
1071 * @param avail: the available ports array is returned here.
1072 * @return: number of ports in array or 0 on error.
1073 */
1074int cfg_condense_ports(struct config_file* cfg, int** avail);
1075
1076/**
1077 * Scan ports available
1078 * @param avail: the array from cfg.
1079 * @param num: size of the array (65536).
1080 * @return the number of ports available for use.
1081 */
1082int cfg_scan_ports(int* avail, int num);
1083
1084/**
1085 * Convert a filename to full pathname in original filesys
1086 * @param fname: the path name to convert.
1087 *      Must not be null or empty.
1088 * @param cfg: config struct for chroot and chdir (if set).
1089 * @param use_chdir: if false, only chroot is applied.
1090 * @return pointer to malloced buffer which is: [chroot][chdir]fname
1091 *      or NULL on malloc failure.
1092 */
1093char* fname_after_chroot(const char* fname, struct config_file* cfg,
1094	int use_chdir);
1095
1096/**
1097 * Convert a ptr shorthand into a full reverse-notation PTR record.
1098 * @param str: input string, "IP name"
1099 * @return: malloced string "reversed-ip-name PTR name"
1100 */
1101char* cfg_ptr_reverse(char* str);
1102
1103/**
1104 * Append text to the error info for validation.
1105 * @param qstate: query state.
1106 * @param str: copied into query region and appended.
1107 * Failures to allocate are logged.
1108 */
1109void errinf(struct module_qstate* qstate, const char* str);
1110
1111/**
1112 * Append text to error info:  from 1.2.3.4
1113 * @param qstate: query state.
1114 * @param origin: sock list with origin of trouble.
1115 *	Every element added.
1116 *	If NULL: nothing is added.
1117 *	if 0len element: 'from cache' is added.
1118 */
1119void errinf_origin(struct module_qstate* qstate, struct sock_list *origin);
1120
1121/**
1122 * Append text to error info:  for RRset name type class
1123 * @param qstate: query state.
1124 * @param rr: rrset_key.
1125 */
1126void errinf_rrset(struct module_qstate* qstate, struct ub_packed_rrset_key *rr);
1127
1128/**
1129 * Append text to error info:  str dname
1130 * @param qstate: query state.
1131 * @param str: explanation string
1132 * @param dname: the dname.
1133 */
1134void errinf_dname(struct module_qstate* qstate, const char* str,
1135	uint8_t* dname);
1136
1137/**
1138 * Create error info in string.  For validation failures.
1139 * @param qstate: query state.
1140 * @return string or NULL on malloc failure (already logged).
1141 *    This string is malloced and has to be freed by caller.
1142 */
1143char* errinf_to_str_bogus(struct module_qstate* qstate);
1144
1145/**
1146 * Create error info in string.  For other servfails.
1147 * @param qstate: query state.
1148 * @return string or NULL on malloc failure (already logged).
1149 *    This string is malloced and has to be freed by caller.
1150 */
1151char* errinf_to_str_servfail(struct module_qstate* qstate);
1152
1153/**
1154 * Used during options parsing
1155 */
1156struct config_parser_state {
1157	/** name of file being parser */
1158	char* filename;
1159	/** line number in the file, starts at 1 */
1160	int line;
1161	/** number of errors encountered */
1162	int errors;
1163	/** the result of parsing is stored here. */
1164	struct config_file* cfg;
1165	/** the current chroot dir (or NULL if none) */
1166	const char* chroot;
1167};
1168
1169/** global config parser object used during config parsing */
1170extern struct config_parser_state* cfg_parser;
1171/** init lex state */
1172void init_cfg_parse(void);
1173/** lex in file */
1174extern FILE* ub_c_in;
1175/** lex out file */
1176extern FILE* ub_c_out;
1177/** the yacc lex generated parse function */
1178int ub_c_parse(void);
1179/** the lexer function */
1180int ub_c_lex(void);
1181/** wrap function */
1182int ub_c_wrap(void);
1183/** parsing helpers: print error with file and line numbers */
1184void ub_c_error(const char* msg);
1185/** parsing helpers: print error with file and line numbers */
1186void ub_c_error_msg(const char* fmt, ...) ATTR_FORMAT(printf, 1, 2);
1187
1188#ifdef UB_ON_WINDOWS
1189/**
1190 * Obtain registry string (if it exists).
1191 * @param key: key string
1192 * @param name: name of value to fetch.
1193 * @return malloced string with the result or NULL if it did not
1194 * 	exist on an error (logged with log_err) was encountered.
1195 */
1196char* w_lookup_reg_str(const char* key, const char* name);
1197
1198/** Modify directory in options for module file name */
1199void w_config_adjust_directory(struct config_file* cfg);
1200#endif /* UB_ON_WINDOWS */
1201
1202/** debug option for unit tests. */
1203extern int fake_dsa, fake_sha1;
1204
1205#endif /* UTIL_CONFIG_FILE_H */
1206
1207