1%{ 2/* 3 * configlexer.lex - lexical analyzer for unbound config file 4 * 5 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved 6 * 7 * See LICENSE for the license. 8 * 9 */ 10#include "config.h" 11 12/* because flex keeps having sign-unsigned compare problems that are unfixed*/ 13#if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) 14#pragma GCC diagnostic ignored "-Wsign-compare" 15#endif 16 17#include <ctype.h> 18#include <strings.h> 19#ifdef HAVE_GLOB_H 20# include <glob.h> 21#endif 22 23#include "util/config_file.h" 24#include "configparser.h" 25void ub_c_error(const char *message); 26 27#if 0 28#define LEXOUT(s) printf s /* used ONLY when debugging */ 29#else 30#define LEXOUT(s) 31#endif 32 33/** avoid warning in about fwrite return value */ 34#define ECHO ub_c_error_msg("syntax error at text: %s", ub_c_text) 35 36/** A parser variable, this is a statement in the config file which is 37 * of the form variable: value1 value2 ... nargs is the number of values. */ 38#define YDVAR(nargs, var) \ 39 num_args=(nargs); \ 40 LEXOUT(("v(%s%d) ", ub_c_text, num_args)); \ 41 if(num_args > 0) { BEGIN(val); } \ 42 return (var); 43 44struct inc_state { 45 char* filename; 46 int line; 47 YY_BUFFER_STATE buffer; 48 struct inc_state* next; 49 int inc_toplevel; 50}; 51static struct inc_state* config_include_stack = NULL; 52static int inc_depth = 0; 53static int inc_prev = 0; 54static int num_args = 0; 55static int inc_toplevel = 0; 56 57void init_cfg_parse(void) 58{ 59 config_include_stack = NULL; 60 inc_depth = 0; 61 inc_prev = 0; 62 num_args = 0; 63 inc_toplevel = 0; 64} 65 66static void config_start_include(const char* filename, int toplevel) 67{ 68 FILE *input; 69 struct inc_state* s; 70 char* nm; 71 if(inc_depth+1 > 100000) { 72 ub_c_error_msg("too many include files"); 73 return; 74 } 75 if(*filename == '\0') { 76 ub_c_error_msg("empty include file name"); 77 return; 78 } 79 s = (struct inc_state*)malloc(sizeof(*s)); 80 if(!s) { 81 ub_c_error_msg("include %s: malloc failure", filename); 82 return; 83 } 84 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, 85 strlen(cfg_parser->chroot)) == 0) { 86 filename += strlen(cfg_parser->chroot); 87 } 88 nm = strdup(filename); 89 if(!nm) { 90 ub_c_error_msg("include %s: strdup failure", filename); 91 free(s); 92 return; 93 } 94 input = fopen(filename, "r"); 95 if(!input) { 96 ub_c_error_msg("cannot open include file '%s': %s", 97 filename, strerror(errno)); 98 free(s); 99 free(nm); 100 return; 101 } 102 LEXOUT(("switch_to_include_file(%s)\n", filename)); 103 inc_depth++; 104 s->filename = cfg_parser->filename; 105 s->line = cfg_parser->line; 106 s->buffer = YY_CURRENT_BUFFER; 107 s->inc_toplevel = inc_toplevel; 108 s->next = config_include_stack; 109 config_include_stack = s; 110 cfg_parser->filename = nm; 111 cfg_parser->line = 1; 112 inc_toplevel = toplevel; 113 yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); 114} 115 116static void config_start_include_glob(const char* filename, int toplevel) 117{ 118 119 /* check for wildcards */ 120#ifdef HAVE_GLOB 121 glob_t g; 122 int i, r, flags; 123 if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && 124 !strchr(filename, '{') && !strchr(filename, '~'))) { 125 flags = 0 126#ifdef GLOB_ERR 127 | GLOB_ERR 128#endif 129 /* do not set GLOB_NOSORT so the results are sorted 130 and in a predictable order. */ 131#ifdef GLOB_BRACE 132 | GLOB_BRACE 133#endif 134#ifdef GLOB_TILDE 135 | GLOB_TILDE 136#endif 137 ; 138 memset(&g, 0, sizeof(g)); 139 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, 140 strlen(cfg_parser->chroot)) == 0) { 141 filename += strlen(cfg_parser->chroot); 142 } 143 r = glob(filename, flags, NULL, &g); 144 if(r) { 145 /* some error */ 146 globfree(&g); 147 if(r == GLOB_NOMATCH) 148 return; /* no matches for pattern */ 149 config_start_include(filename, toplevel); /* let original deal with it */ 150 return; 151 } 152 /* process files found, if any */ 153 for(i=(int)g.gl_pathc-1; i>=0; i--) { 154 config_start_include(g.gl_pathv[i], toplevel); 155 } 156 globfree(&g); 157 return; 158 } 159#endif /* HAVE_GLOB */ 160 161 config_start_include(filename, toplevel); 162} 163 164static void config_end_include(void) 165{ 166 struct inc_state* s = config_include_stack; 167 --inc_depth; 168 if(!s) return; 169 free(cfg_parser->filename); 170 cfg_parser->filename = s->filename; 171 cfg_parser->line = s->line; 172 yy_delete_buffer(YY_CURRENT_BUFFER); 173 yy_switch_to_buffer(s->buffer); 174 config_include_stack = s->next; 175 inc_toplevel = s->inc_toplevel; 176 free(s); 177} 178 179#ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ 180#define yy_set_bol(at_bol) \ 181 { \ 182 if ( ! yy_current_buffer ) \ 183 yy_current_buffer = yy_create_buffer( ub_c_in, YY_BUF_SIZE ); \ 184 yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ 185 } 186#endif 187 188%} 189%option noinput 190%option nounput 191%{ 192#ifndef YY_NO_UNPUT 193#define YY_NO_UNPUT 1 194#endif 195#ifndef YY_NO_INPUT 196#define YY_NO_INPUT 1 197#endif 198%} 199 200SPACE [ \t] 201LETTER [a-zA-Z] 202UNQUOTEDLETTER [^\'\"\n\r \t\\]|\\. 203UNQUOTEDLETTER_NOCOLON [^\:\'\"\n\r \t\\]|\\. 204NEWLINE [\r\n] 205COMMENT \# 206COLON \: 207DQANY [^\"\n\r\\]|\\. 208SQANY [^\'\n\r\\]|\\. 209 210%x quotedstring singlequotedstr include include_quoted val include_toplevel include_toplevel_quoted 211 212%% 213<INITIAL,val>{SPACE}* { 214 LEXOUT(("SP ")); /* ignore */ } 215<INITIAL,val>{SPACE}*{COMMENT}.* { 216 /* note that flex makes the longest match and '.' is any but not nl */ 217 LEXOUT(("comment(%s) ", ub_c_text)); /* ignore */ } 218server{COLON} { YDVAR(0, VAR_SERVER) } 219qname-minimisation{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION) } 220qname-minimisation-strict{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } 221num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) } 222verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) } 223port{COLON} { YDVAR(1, VAR_PORT) } 224outgoing-range{COLON} { YDVAR(1, VAR_OUTGOING_RANGE) } 225outgoing-port-permit{COLON} { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } 226outgoing-port-avoid{COLON} { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } 227outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } 228incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } 229do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } 230do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } 231prefer-ip4{COLON} { YDVAR(1, VAR_PREFER_IP4) } 232prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } 233do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } 234do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) } 235tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } 236tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) } 237outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) } 238tcp-idle-timeout{COLON} { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } 239edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } 240edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } 241ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } 242tls-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } 243ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } 244tls-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } 245ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } 246tls-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } 247ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) } 248tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) } 249ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } 250tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } 251tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) } 252additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 253additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 254tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 255tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 256tls-session-ticket-keys{COLON} { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } 257tls-ciphers{COLON} { YDVAR(1, VAR_TLS_CIPHERS) } 258tls-ciphersuites{COLON} { YDVAR(1, VAR_TLS_CIPHERSUITES) } 259tls-use-sni{COLON} { YDVAR(1, VAR_TLS_USE_SNI) } 260https-port{COLON} { YDVAR(1, VAR_HTTPS_PORT) } 261http-endpoint{COLON} { YDVAR(1, VAR_HTTP_ENDPOINT) } 262http-max-streams{COLON} { YDVAR(1, VAR_HTTP_MAX_STREAMS) } 263http-query-buffer-size{COLON} { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } 264http-response-buffer-size{COLON} { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } 265http-nodelay{COLON} { YDVAR(1, VAR_HTTP_NODELAY) } 266http-notls-downstream{COLON} { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } 267use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } 268do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } 269interface{COLON} { YDVAR(1, VAR_INTERFACE) } 270ip-address{COLON} { YDVAR(1, VAR_INTERFACE) } 271outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) } 272interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } 273so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) } 274so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } 275so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } 276ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) } 277ip-freebind{COLON} { YDVAR(1, VAR_IP_FREEBIND) } 278ip-dscp{COLON} { YDVAR(1, VAR_IP_DSCP) } 279chroot{COLON} { YDVAR(1, VAR_CHROOT) } 280username{COLON} { YDVAR(1, VAR_USERNAME) } 281directory{COLON} { YDVAR(1, VAR_DIRECTORY) } 282logfile{COLON} { YDVAR(1, VAR_LOGFILE) } 283pidfile{COLON} { YDVAR(1, VAR_PIDFILE) } 284root-hints{COLON} { YDVAR(1, VAR_ROOT_HINTS) } 285stream-wait-size{COLON} { YDVAR(1, VAR_STREAM_WAIT_SIZE) } 286edns-buffer-size{COLON} { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } 287msg-buffer-size{COLON} { YDVAR(1, VAR_MSG_BUFFER_SIZE) } 288msg-cache-size{COLON} { YDVAR(1, VAR_MSG_CACHE_SIZE) } 289msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) } 290rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) } 291rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) } 292cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) } 293cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } 294cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) } 295infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) } 296infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) } 297infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) } 298infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } 299infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } 300infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } 301infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) } 302num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } 303jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) } 304delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) } 305udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) } 306target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) } 307harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } 308harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } 309harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) } 310harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } 311harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } 312harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } 313harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } 314use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } 315caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } 316caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } 317unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } 318private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } 319private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } 320prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } 321prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } 322deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) } 323stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } 324name{COLON} { YDVAR(1, VAR_NAME) } 325stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } 326stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) } 327stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) } 328stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) } 329stub-no-cache{COLON} { YDVAR(1, VAR_STUB_NO_CACHE) } 330stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } 331stub-tls-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } 332forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) } 333forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) } 334forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) } 335forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) } 336forward-no-cache{COLON} { YDVAR(1, VAR_FORWARD_NO_CACHE) } 337forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } 338forward-tls-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } 339auth-zone{COLON} { YDVAR(0, VAR_AUTH_ZONE) } 340rpz{COLON} { YDVAR(0, VAR_RPZ) } 341tags{COLON} { YDVAR(1, VAR_TAGS) } 342rpz-action-override{COLON} { YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } 343rpz-cname-override{COLON} { YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } 344rpz-log{COLON} { YDVAR(1, VAR_RPZ_LOG) } 345rpz-log-name{COLON} { YDVAR(1, VAR_RPZ_LOG_NAME) } 346zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) } 347master{COLON} { YDVAR(1, VAR_MASTER) } 348primary{COLON} { YDVAR(1, VAR_MASTER) } 349url{COLON} { YDVAR(1, VAR_URL) } 350allow-notify{COLON} { YDVAR(1, VAR_ALLOW_NOTIFY) } 351for-downstream{COLON} { YDVAR(1, VAR_FOR_DOWNSTREAM) } 352for-upstream{COLON} { YDVAR(1, VAR_FOR_UPSTREAM) } 353fallback-enabled{COLON} { YDVAR(1, VAR_FALLBACK_ENABLED) } 354view{COLON} { YDVAR(0, VAR_VIEW) } 355view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) } 356do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } 357do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } 358access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } 359send-client-subnet{COLON} { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } 360client-subnet-zone{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } 361client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } 362client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } 363max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } 364max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } 365min-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } 366min-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } 367max-ecs-tree-size-ipv4{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } 368max-ecs-tree-size-ipv6{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } 369hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } 370hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } 371hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } 372identity{COLON} { YDVAR(1, VAR_IDENTITY) } 373version{COLON} { YDVAR(1, VAR_VERSION) } 374module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } 375dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) } 376dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) } 377trust-anchor-file{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } 378auto-trust-anchor-file{COLON} { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } 379trusted-keys-file{COLON} { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } 380trust-anchor{COLON} { YDVAR(1, VAR_TRUST_ANCHOR) } 381trust-anchor-signaling{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } 382root-key-sentinel{COLON} { YDVAR(1, VAR_ROOT_KEY_SENTINEL) } 383val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } 384val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } 385val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } 386val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) } 387val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } 388val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } 389aggressive-nsec{COLON} { YDVAR(1, VAR_AGGRESSIVE_NSEC) } 390ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } 391serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) } 392serve-expired-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL) } 393serve-expired-ttl-reset{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } 394serve-expired-reply-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } 395serve-expired-client-timeout{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } 396serve-original-ttl{COLON} { YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } 397fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } 398fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) } 399val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } 400key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } 401key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } 402neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } 403val-nsec3-keysize-iterations{COLON} { 404 YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } 405add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } 406del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } 407keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } 408permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } 409use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) } 410log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) } 411log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } 412log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } 413log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) } 414log-tag-queryreply{COLON} { YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } 415log-local-actions{COLON} { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } 416log-servfail{COLON} { YDVAR(1, VAR_LOG_SERVFAIL) } 417local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) } 418local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) } 419local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) } 420unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } 421insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) } 422statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } 423statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } 424extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } 425shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } 426shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } 427remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } 428control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) } 429control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) } 430control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) } 431control-use-cert{COLON} { YDVAR(1, VAR_CONTROL_USE_CERT) } 432server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) } 433server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) } 434control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) } 435control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) } 436python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) } 437python{COLON} { YDVAR(0, VAR_PYTHON) } 438dynlib-file{COLON} { YDVAR(1, VAR_DYNLIB_FILE) } 439dynlib{COLON} { YDVAR(0, VAR_DYNLIB) } 440domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } 441minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } 442rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } 443unknown-server-time-limit{COLON} { YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } 444max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } 445dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) } 446dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) } 447dns64-ignore-aaaa{COLON} { YDVAR(1, VAR_DNS64_IGNORE_AAAA) } 448define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) } 449local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) } 450access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } 451access-control-tag-action{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } 452access-control-tag-data{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } 453access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } 454local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } 455dnstap{COLON} { YDVAR(0, VAR_DNSTAP) } 456dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) } 457dnstap-bidirectional{COLON} { YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } 458dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } 459dnstap-ip{COLON} { YDVAR(1, VAR_DNSTAP_IP) } 460dnstap-tls{COLON} { YDVAR(1, VAR_DNSTAP_TLS) } 461dnstap-tls-server-name{COLON} { YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } 462dnstap-tls-cert-bundle{COLON} { YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } 463dnstap-tls-client-key-file{COLON} { 464 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } 465dnstap-tls-client-cert-file{COLON} { 466 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } 467dnstap-send-identity{COLON} { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } 468dnstap-send-version{COLON} { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } 469dnstap-identity{COLON} { YDVAR(1, VAR_DNSTAP_IDENTITY) } 470dnstap-version{COLON} { YDVAR(1, VAR_DNSTAP_VERSION) } 471dnstap-log-resolver-query-messages{COLON} { 472 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } 473dnstap-log-resolver-response-messages{COLON} { 474 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } 475dnstap-log-client-query-messages{COLON} { 476 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } 477dnstap-log-client-response-messages{COLON} { 478 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } 479dnstap-log-forwarder-query-messages{COLON} { 480 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } 481dnstap-log-forwarder-response-messages{COLON} { 482 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } 483disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } 484ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } 485ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } 486ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } 487ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) } 488ip-ratelimit-size{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } 489ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) } 490ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } 491ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } 492ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } 493ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } 494low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) } 495fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) } 496low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) } 497low-rtt-permil{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) } 498fast-server-permil{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) } 499response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } 500response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } 501response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } 502dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } 503dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } 504dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } 505dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } 506dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } 507dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } 508dnscrypt-provider-cert-rotated{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } 509dnscrypt-shared-secret-cache-size{COLON} { 510 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } 511dnscrypt-shared-secret-cache-slabs{COLON} { 512 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } 513dnscrypt-nonce-cache-size{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } 514dnscrypt-nonce-cache-slabs{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } 515pad-responses{COLON} { YDVAR(1, VAR_PAD_RESPONSES) } 516pad-responses-block-size{COLON} { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } 517pad-queries{COLON} { YDVAR(1, VAR_PAD_QUERIES) } 518pad-queries-block-size{COLON} { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } 519ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) } 520ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } 521ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } 522ipsecmod-max-ttl{COLON} { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } 523ipsecmod-whitelist{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } 524ipsecmod-allow{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } 525ipsecmod-strict{COLON} { YDVAR(1, VAR_IPSECMOD_STRICT) } 526cachedb{COLON} { YDVAR(0, VAR_CACHEDB) } 527backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) } 528secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) } 529redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) } 530redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) } 531redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } 532redis-expire-records{COLON} { YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } 533ipset{COLON} { YDVAR(0, VAR_IPSET) } 534name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) } 535name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) } 536udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } 537tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } 538edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } 539edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } 540nsid{COLON} { YDVAR(1, VAR_NSID ) } 541<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } 542 543 /* Quoted strings. Strip leading and ending quotes */ 544<val>\" { BEGIN(quotedstring); LEXOUT(("QS ")); } 545<quotedstring><<EOF>> { 546 ub_c_error("EOF inside quoted string"); 547 if(--num_args == 0) { BEGIN(INITIAL); } 548 else { BEGIN(val); } 549} 550<quotedstring>{DQANY}* { LEXOUT(("STR(%s) ", ub_c_text)); yymore(); } 551<quotedstring>{NEWLINE} { ub_c_error("newline inside quoted string, no end \""); 552 cfg_parser->line++; BEGIN(INITIAL); } 553<quotedstring>\" { 554 LEXOUT(("QE ")); 555 if(--num_args == 0) { BEGIN(INITIAL); } 556 else { BEGIN(val); } 557 ub_c_text[ub_c_leng - 1] = '\0'; 558 ub_c_lval.str = strdup(ub_c_text); 559 if(!ub_c_lval.str) 560 ub_c_error("out of memory"); 561 return STRING_ARG; 562} 563 564 /* Single Quoted strings. Strip leading and ending quotes */ 565<val>\' { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } 566<singlequotedstr><<EOF>> { 567 ub_c_error("EOF inside quoted string"); 568 if(--num_args == 0) { BEGIN(INITIAL); } 569 else { BEGIN(val); } 570} 571<singlequotedstr>{SQANY}* { LEXOUT(("STR(%s) ", ub_c_text)); yymore(); } 572<singlequotedstr>{NEWLINE} { ub_c_error("newline inside quoted string, no end '"); 573 cfg_parser->line++; BEGIN(INITIAL); } 574<singlequotedstr>\' { 575 LEXOUT(("SQE ")); 576 if(--num_args == 0) { BEGIN(INITIAL); } 577 else { BEGIN(val); } 578 ub_c_text[ub_c_leng - 1] = '\0'; 579 ub_c_lval.str = strdup(ub_c_text); 580 if(!ub_c_lval.str) 581 ub_c_error("out of memory"); 582 return STRING_ARG; 583} 584 585 /* include: directive */ 586<INITIAL,val>include{COLON} { 587 LEXOUT(("v(%s) ", ub_c_text)); inc_prev = YYSTATE; BEGIN(include); } 588<include><<EOF>> { 589 ub_c_error("EOF inside include directive"); 590 BEGIN(inc_prev); 591} 592<include>{SPACE}* { LEXOUT(("ISP ")); /* ignore */ } 593<include>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;} 594<include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); } 595<include>{UNQUOTEDLETTER}* { 596 LEXOUT(("Iunquotedstr(%s) ", ub_c_text)); 597 config_start_include_glob(ub_c_text, 0); 598 BEGIN(inc_prev); 599} 600<include_quoted><<EOF>> { 601 ub_c_error("EOF inside quoted string"); 602 BEGIN(inc_prev); 603} 604<include_quoted>{DQANY}* { LEXOUT(("ISTR(%s) ", ub_c_text)); yymore(); } 605<include_quoted>{NEWLINE} { ub_c_error("newline before \" in include name"); 606 cfg_parser->line++; BEGIN(inc_prev); } 607<include_quoted>\" { 608 LEXOUT(("IQE ")); 609 ub_c_text[ub_c_leng - 1] = '\0'; 610 config_start_include_glob(ub_c_text,0); 611 BEGIN(inc_prev); 612} 613<INITIAL,val><<EOF>> { 614 LEXOUT(("LEXEOF ")); 615 yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ 616 if (!config_include_stack) { 617 yyterminate(); 618 } else { 619 fclose(yyin); 620 int prev_toplevel = inc_toplevel; 621 fclose(ub_c_in); 622 config_end_include(); 623 if(prev_toplevel) return (VAR_FORCE_TOPLEVEL); 624 } 625} 626 627 /* include-toplevel: directive */ 628<INITIAL,val>include-toplevel{COLON} { 629 LEXOUT(("v(%s) ", ub_c_text)); inc_prev = YYSTATE; BEGIN(include_toplevel); 630} 631<include_toplevel><<EOF>> { 632 ub_c_error("EOF inside include_toplevel directive"); 633 BEGIN(inc_prev); 634} 635<include_toplevel>{SPACE}* { LEXOUT(("ITSP ")); /* ignore */ } 636<include_toplevel>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } 637<include_toplevel>\" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } 638<include_toplevel>{UNQUOTEDLETTER}* { 639 LEXOUT(("ITunquotedstr(%s) ", ub_c_text)); 640 config_start_include_glob(ub_c_text, 1); 641 BEGIN(inc_prev); 642 return (VAR_FORCE_TOPLEVEL); 643} 644<include_toplevel_quoted><<EOF>> { 645 ub_c_error("EOF inside quoted string"); 646 BEGIN(inc_prev); 647} 648<include_toplevel_quoted>{DQANY}* { LEXOUT(("ITSTR(%s) ", ub_c_text)); yymore(); } 649<include_toplevel_quoted>{NEWLINE} { 650 ub_c_error("newline before \" in include name"); 651 cfg_parser->line++; BEGIN(inc_prev); 652} 653<include_toplevel_quoted>\" { 654 LEXOUT(("ITQE ")); 655 ub_c_text[yyleng - 1] = '\0'; 656 config_start_include_glob(ub_c_text, 1); 657 BEGIN(inc_prev); 658 return (VAR_FORCE_TOPLEVEL); 659} 660 661<val>{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", ub_c_text)); 662 if(--num_args == 0) { BEGIN(INITIAL); } 663 ub_c_lval.str = strdup(ub_c_text); return STRING_ARG; } 664 665{UNQUOTEDLETTER_NOCOLON}* { 666 ub_c_error_msg("unknown keyword '%s'", ub_c_text); 667 } 668 669<*>. { 670 ub_c_error_msg("stray '%s'", ub_c_text); 671 } 672 673%% 674