From: Yuri Schaeffer Date: Mon, 27 Aug 2012 09:52:47 +0000 (+0000) Subject: Append client subnet to whitelisted servers for client X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=855833f02e977d9e158172a5475801729b665c36;p=thirdparty%2Funbound.git Append client subnet to whitelisted servers for client initiated queries. (I.e. Only do vandergaast for queries client is interested in). git-svn-id: file:///svn/unbound/branches/edns-subnet@2747 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/Makefile.in b/Makefile.in index af9fba806..7e47bada6 100644 --- a/Makefile.in +++ b/Makefile.in @@ -99,7 +99,8 @@ util/storage/lruhash.c util/storage/slabhash.c util/timehist.c util/tube.c \ util/winsock_event.c validator/autotrust.c validator/val_anchor.c \ validator/validator.c validator/val_kcache.c validator/val_kentry.c \ validator/val_neg.c validator/val_nsec3.c validator/val_nsec.c \ -validator/val_sigcrypt.c validator/val_utils.c $(CHECKLOCK_SRC) +validator/val_sigcrypt.c validator/val_utils.c edns-subnet/edns-subnet.c \ +$(CHECKLOCK_SRC) COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ @@ -109,7 +110,7 @@ fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ -val_sigcrypt.lo val_utils.lo $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) +val_sigcrypt.lo val_utils.lo edns-subnet.lo $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) COMMON_OBJ=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo # set to $COMMON_OBJ or to "" if --enableallsymbols @@ -643,6 +644,10 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ + $(srcdir)/util/config_file.h \ + $(srcdir)/util/net_help.h listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ @@ -681,6 +686,7 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/edns-subnet/edns-subnet.h alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h \ @@ -940,7 +946,7 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h + $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/edns-subnet/edns-subnet.h remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/worker.h $(srcdir)/util/netevent.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h \ diff --git a/configure.ac b/configure.ac index 6f4bf4c84..fd00961a7 100644 --- a/configure.ac +++ b/configure.ac @@ -1190,10 +1190,6 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, #define UNBOUND_CONTROL_PORT 8953 /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 - -/** YBS: in use by the edns subnet option code*/ -#define IANA_ADDRFAM_IP4 1 -#define IANA_ADDRFAM_IP6 2 ]) AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8]) diff --git a/daemon/daemon.c b/daemon/daemon.c index 9d6ce9fe4..fd75c23c6 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -73,6 +73,7 @@ #include "util/module.h" #include "util/random.h" #include "util/tube.h" +#include "edns-subnet/edns-subnet.h" #include /** How many quit requests happened. */ @@ -223,6 +224,13 @@ daemon_init(void) free(daemon); return NULL; } + /* whitelist for edns subnet capable servers */ + daemon->edns_subnet_upstreams = upstream_create(); + if(!daemon->edns_subnet_upstreams) { + free(daemon->env); + free(daemon); + return NULL; + } if(gettimeofday(&daemon->time_boot, NULL) < 0) log_err("gettimeofday: %s", strerror(errno)); daemon->time_last_stat = daemon->time_boot; @@ -438,6 +446,8 @@ daemon_fork(struct daemon* daemon) log_assert(daemon); if(!acl_list_apply_cfg(daemon->acl, daemon->cfg)) fatal_exit("Could not setup access control list"); + if(!upstream_apply_cfg(daemon->edns_subnet_upstreams, daemon->cfg)) + fatal_exit("Could not setup edns-subnet upstream list"); if(!(daemon->local_zones = local_zones_create())) fatal_exit("Could not create local zones: out of memory"); if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) @@ -527,6 +537,7 @@ daemon_delete(struct daemon* daemon) ub_randfree(daemon->rand); alloc_clear(&daemon->superalloc); acl_list_delete(daemon->acl); + upstream_delete(daemon->edns_subnet_upstreams); free(daemon->chroot); free(daemon->pidfile); free(daemon->env); diff --git a/daemon/daemon.h b/daemon/daemon.h index 8e47ea00b..d1a7c0e1a 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@ -98,6 +98,8 @@ struct daemon { struct module_stack mods; /** access control, which client IPs are allowed to connect */ struct acl_list* acl; + /** access control, which upstream servers we send client address */ + struct ednssubnet_upstream* edns_subnet_upstreams; /** local authority zones */ struct local_zones* local_zones; /** last time of statistics printout */ diff --git a/daemon/worker.c b/daemon/worker.c index 6d6993afb..9a6960ed5 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1117,7 +1117,8 @@ worker_init(struct worker* worker, struct config_file *cfg, worker->daemon->env->infra_cache, worker->rndstate, cfg->use_caps_bits_for_id, worker->ports, worker->numports, cfg->unwanted_threshold, &worker_alloc_cleanup, worker, - cfg->do_udp, worker->daemon->connect_sslctx); + cfg->do_udp, worker->daemon->connect_sslctx, + worker->daemon->edns_subnet_upstreams); if(!worker->back) { log_err("could not create outgoing sockets"); worker_delete(worker); diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 381d2bcac..047cd1d05 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -203,7 +203,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg) cfg->do_tcp?cfg->outgoing_num_tcp:0, w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id, ports, numports, cfg->unwanted_threshold, - &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx); + &libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx, NULL); if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); } diff --git a/services/outside_network.c b/services/outside_network.c index f51fb3810..431917935 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -47,6 +47,7 @@ #include #include #include "services/outside_network.h" +#include "services/outbound_list.h" #include "services/listen_dnsport.h" #include "services/cache/infra.h" #include "util/data/msgparse.h" @@ -58,6 +59,7 @@ #include "util/net_help.h" #include "util/random.h" #include "util/fptr_wlist.h" +#include "edns-subnet/edns-subnet.h" #include #ifdef HAVE_NETDB_H @@ -557,7 +559,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx) + void* sslctx, struct ednssubnet_upstream* edns_subnet_upstreams) { struct outside_network* outnet = (struct outside_network*) calloc(1, sizeof(struct outside_network)); @@ -579,6 +581,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, outnet->unwanted_param = unwanted_param; outnet->use_caps_for_id = use_caps_for_id; outnet->do_udp = do_udp; + outnet->edns_subnet_upstreams = edns_subnet_upstreams; if(numavailports == 0) { log_err("no outgoing ports available"); outside_network_delete(outnet); @@ -1204,6 +1207,7 @@ serviced_create(struct outside_network* outnet, ldns_buffer* buff, int dnssec, sq->status = serviced_initial; sq->retry = 0; sq->to_be_deleted = 0; + sq->client = NULL; #ifdef UNBOUND_DEBUG ins = #endif @@ -1308,6 +1312,8 @@ serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len) static void serviced_encode(struct serviced_query* sq, ldns_buffer* buff, int with_edns) { + struct sockaddr_storage *ss; + void* sinaddr; /* if we are using 0x20 bits for ID randomness, perturb them */ if(sq->outnet->use_caps_for_id) { serviced_perturb_qname(sq->outnet->rnd, sq->qbuf, sq->qbuflen); @@ -1323,13 +1329,31 @@ serviced_encode(struct serviced_query* sq, ldns_buffer* buff, int with_edns) edns.edns_present = 1; edns.ext_rcode = 0; edns.edns_version = EDNS_ADVERTISED_VERSION; - //YBS make conditional on whitelist - edns.subnet_option_add = 0; - //~ uint16_t subnet_addr_fam; - //~ uint8_t subnet_source_mask; - //~ uint8_t subnet_scope_mask; - //~ uint8_t subnet_addr[16]; - //YBS + /* If this query has an interested client and the upstream + * target is in the whitelist, add the edns subnet option. */ + edns.subnet_option_add = sq->client && upstream_lookup( + sq->outnet->edns_subnet_upstreams, &sq->addr, sq->addrlen); + if(edns.subnet_option_add) { + ss = &sq->client->addr; + if(((struct sockaddr_in*)ss)->sin_family == AF_INET) { + edns.subnet_addr_fam = IANA_ADDRFAM_IP4; + sinaddr = &((struct sockaddr_in*)ss)->sin_addr; + memcpy(edns.subnet_addr, (uint8_t *)sinaddr, INET_SIZE); + /* YBS TODO: source mask must come from original query if + * any. Some default otherwise. But not more than + * configured maximum */ + edns.subnet_source_mask = 26; + } +#ifdef INET6 + else { + edns.subnet_addr_fam = IANA_ADDRFAM_IP6; + sinaddr = &((struct sockaddr_in6*)ss)->sin6_addr; + memcpy(edns.subnet_addr, (uint8_t *)sinaddr, INET6_SIZE); + edns.subnet_source_mask = 100; + } +#endif + edns.subnet_scope_mask = 0; + } if(sq->status == serviced_query_UDP_EDNS_FRAG) { if(addr_is_ip6(&sq->addr, sq->addrlen)) { if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE) @@ -1811,6 +1835,7 @@ outnet_serviced_query(struct outside_network* outnet, { struct serviced_query* sq; struct service_callback* cb; + struct mesh_reply* reply_list; serviced_gen_query(buff, qname, qnamelen, qtype, qclass, flags); sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen); if(sq) { @@ -1830,6 +1855,13 @@ outnet_serviced_query(struct outside_network* outnet, free(cb); return NULL; } + /* Is this a client initiated query? Make clients available + * to serviced query. */ + reply_list = ((struct outbound_entry*)callback_arg) + ->qstate->mesh_info->reply_list; + if(reply_list) + sq->client = &reply_list->query_reply; + /* perform first network action */ if(outnet->do_udp && !(tcp_upstream || ssl_upstream)) { if(!serviced_udp_send(sq, buff)) { diff --git a/services/outside_network.h b/services/outside_network.h index ab18d2406..57c2ba81f 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -120,6 +120,8 @@ struct outside_network { struct ub_randstate* rnd; /** ssl context to create ssl wrapped TCP with DNS connections */ void* sslctx; + /** hosts we send client prefix, not owned by outnet. */ + struct ednssubnet_upstream* edns_subnet_upstreams; /** * Array of tcp pending used for outgoing TCP connections. @@ -353,6 +355,8 @@ struct serviced_query { struct service_callback* cblist; /** the UDP or TCP query that is pending, see status which */ void* pending; + /** Clients initiating lookup. Not owned by serviced_query */ + struct comm_reply *client; }; /** @@ -376,6 +380,7 @@ struct serviced_query { * @param unwanted_param: user parameter to action. * @param do_udp: if udp is done. * @param sslctx: context to create outgoing connections with (if enabled). + * @param edns_subnet_upstreams: Servers whitelisted for edns-subnet. * @return: the new structure (with no pending answers) or NULL on error. */ struct outside_network* outside_network_create(struct comm_base* base, @@ -384,7 +389,7 @@ struct outside_network* outside_network_create(struct comm_base* base, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx); + void* sslctx, struct ednssubnet_upstream* edns_subnet_upstreams); /** * Delete outside_network structure. diff --git a/util/config_file.c b/util/config_file.c index 1e05a9ae7..7d6a8e8e0 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -157,7 +157,7 @@ config_create(void) * edns-client-subnet/bind-9.7.1-dig-edns-client-subnet.diff */ cfg->client_subnet_opc = 0x50fa; cfg->max_client_subnet_ipv4 = 24; - cfg->max_client_subnet_ipv6 = 32; + cfg->max_client_subnet_ipv6 = 64; cfg->acls = NULL; cfg->harden_short_bufsize = 0; cfg->harden_large_queries = 0; @@ -419,6 +419,10 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("control-cert-file:", control_cert_file) else S_STR("module-config:", module_conf) else S_STR("python-script:", python_script) + else S_STRLIST("send-client-subnet", client_subnet) + else S_NUMBER_OR_ZERO("max-client-subnet-ipv4:", max_client_subnet_ipv4) + else S_NUMBER_OR_ZERO("max-client-subnet-ipv6:", max_client_subnet_ipv6) + else S_NUMBER_OR_ZERO("client-subnet-opc:", client_subnet_opc) else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); char** oi = (char**)malloc((cfg->num_out_ifs+1)*sizeof(char*)); @@ -663,6 +667,10 @@ config_get_option(struct config_file* cfg, const char* opt, else O_UNS(opt, "val-override-date", val_date_override) else O_YNO(opt, "minimal-responses", minimal_responses) else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin) + else O_LST(opt, "send-client-subnet", client_subnet) + else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4) + else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6) + else O_DEC(opt, "client-subnet-opc", client_subnet_opc) /* not here: * outgoing-permit, outgoing-avoid - have list of ports * local-zone - zones and nodefault variables @@ -781,6 +789,7 @@ config_delete(struct config_file* cfg) config_delstubs(cfg->forwards); config_delstrlist(cfg->donotqueryaddrs); config_delstrlist(cfg->root_hints); + config_delstrlist(cfg->client_subnet); free(cfg->identity); free(cfg->version); free(cfg->module_conf); diff --git a/util/configparser.c b/util/configparser.c index 708e30121..aea6f1951 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -721,7 +721,7 @@ static const yytype_uint16 yyprhs[] = 385, 388, 391, 394, 397, 400, 403, 406, 409, 412, 415, 418, 421, 424, 427, 430, 433, 436, 439, 442, 445, 448, 451, 454, 457, 460, 463, 466, 469, 472, - 475, 478, 481, 484, 487, 490, 493, 497, 500, 503, + 475, 478, 481, 484, 487, 490, 493, 496, 500, 503, 506, 509, 512, 515, 518, 521, 524, 527, 530, 533, 536, 539, 542, 545, 548, 551, 554, 558, 561, 564, 567, 570, 573, 576, 579, 582, 585, 588, 591, 594, @@ -736,53 +736,53 @@ static const yytype_int16 yyrhs[] = 135, 0, -1, -1, 135, 136, -1, 137, 138, -1, 140, 141, -1, 143, 144, -1, 267, 268, -1, 257, 258, -1, 11, -1, 138, 139, -1, -1, 146, -1, - 147, -1, 151, -1, 157, -1, 163, -1, 164, -1, - 165, -1, 166, -1, 155, -1, 176, -1, 177, -1, - 178, -1, 179, -1, 180, -1, 197, -1, 198, -1, - 199, -1, 201, -1, 202, -1, 160, -1, 203, -1, - 204, -1, 207, -1, 205, -1, 206, -1, 208, -1, - 209, -1, 210, -1, 221, -1, 189, -1, 190, -1, - 191, -1, 192, -1, 211, -1, 225, -1, 185, -1, - 187, -1, 226, -1, 231, -1, 232, -1, 233, -1, - 161, -1, 196, -1, 240, -1, 241, -1, 186, -1, - 236, -1, 173, -1, 156, -1, 181, -1, 222, -1, - 229, -1, 212, -1, 223, -1, 243, -1, 244, -1, - 162, -1, 148, -1, 172, -1, 215, -1, 149, -1, - 158, -1, 159, -1, 182, -1, 183, -1, 242, -1, - 214, -1, 216, -1, 217, -1, 150, -1, 245, -1, - 200, -1, 220, -1, 174, -1, 188, -1, 227, -1, - 228, -1, 230, -1, 235, -1, 184, -1, 237, -1, - 238, -1, 239, -1, 193, -1, 195, -1, 218, -1, - 219, -1, 194, -1, 213, -1, 234, -1, 175, -1, - 167, -1, 168, -1, 169, -1, 170, -1, 171, -1, - 246, -1, 247, -1, 224, -1, 152, -1, 153, -1, - 154, -1, 38, -1, 141, 142, -1, -1, 248, -1, + 147, -1, 151, -1, 158, -1, 164, -1, 165, -1, + 166, -1, 167, -1, 156, -1, 177, -1, 178, -1, + 179, -1, 180, -1, 181, -1, 198, -1, 199, -1, + 200, -1, 202, -1, 203, -1, 161, -1, 204, -1, + 205, -1, 208, -1, 206, -1, 207, -1, 209, -1, + 210, -1, 211, -1, 222, -1, 190, -1, 191, -1, + 192, -1, 193, -1, 212, -1, 225, -1, 186, -1, + 188, -1, 226, -1, 231, -1, 232, -1, 233, -1, + 162, -1, 197, -1, 240, -1, 241, -1, 187, -1, + 236, -1, 174, -1, 157, -1, 182, -1, 223, -1, + 229, -1, 213, -1, 224, -1, 243, -1, 244, -1, + 163, -1, 148, -1, 173, -1, 216, -1, 149, -1, + 159, -1, 160, -1, 183, -1, 184, -1, 242, -1, + 215, -1, 217, -1, 218, -1, 150, -1, 245, -1, + 201, -1, 221, -1, 175, -1, 189, -1, 227, -1, + 228, -1, 230, -1, 235, -1, 185, -1, 237, -1, + 238, -1, 239, -1, 194, -1, 196, -1, 219, -1, + 220, -1, 195, -1, 214, -1, 234, -1, 176, -1, + 168, -1, 169, -1, 170, -1, 171, -1, 172, -1, + 246, -1, 247, -1, 152, -1, 153, -1, 154, -1, + 155, -1, 38, -1, 141, 142, -1, -1, 248, -1, 249, -1, 250, -1, 252, -1, 251, -1, 44, -1, 144, 145, -1, -1, 253, -1, 254, -1, 255, -1, 256, -1, 13, 10, -1, 12, 10, -1, 76, 10, -1, 79, 10, -1, 96, 10, -1, 14, 10, -1, - 131, 10, -1, 132, 10, -1, 133, 10, -1, 16, - 10, -1, 67, 10, -1, 15, 10, -1, 80, 10, - -1, 81, 10, -1, 31, 10, -1, 60, 10, -1, - 75, 10, -1, 17, 10, -1, 18, 10, -1, 19, - 10, -1, 20, 10, -1, 121, 10, -1, 122, 10, - -1, 123, 10, -1, 124, 10, -1, 125, 10, -1, - 77, 10, -1, 66, 10, -1, 101, 10, -1, 120, - 10, -1, 21, 10, -1, 22, 10, -1, 23, 10, - -1, 24, 10, -1, 25, 10, -1, 68, 10, -1, - 82, 10, -1, 83, 10, -1, 109, 10, -1, 54, - 10, -1, 64, 10, -1, 55, 10, -1, 102, 10, - -1, 48, 10, -1, 49, 10, -1, 50, 10, -1, - 51, 10, -1, 113, 10, -1, 117, 10, -1, 114, - 10, -1, 61, 10, -1, 26, 10, -1, 27, 10, - -1, 28, 10, -1, 98, 10, -1, 29, 10, -1, - 30, 10, -1, 32, 10, -1, 33, 10, -1, 35, - 10, -1, 36, 10, -1, 34, 10, -1, 41, 10, - -1, 42, 10, -1, 43, 10, -1, 52, 10, -1, - 71, 10, -1, 118, 10, -1, 85, 10, -1, 78, - 10, -1, 86, 10, -1, 87, 10, -1, 115, 10, - -1, 116, 10, -1, 100, 10, -1, 47, 10, -1, - 69, 10, -1, 72, 10, 10, -1, 130, 10, -1, + 130, 10, -1, 131, 10, -1, 132, 10, -1, 133, + 10, -1, 16, 10, -1, 67, 10, -1, 15, 10, + -1, 80, 10, -1, 81, 10, -1, 31, 10, -1, + 60, 10, -1, 75, 10, -1, 17, 10, -1, 18, + 10, -1, 19, 10, -1, 20, 10, -1, 121, 10, + -1, 122, 10, -1, 123, 10, -1, 124, 10, -1, + 125, 10, -1, 77, 10, -1, 66, 10, -1, 101, + 10, -1, 120, 10, -1, 21, 10, -1, 22, 10, + -1, 23, 10, -1, 24, 10, -1, 25, 10, -1, + 68, 10, -1, 82, 10, -1, 83, 10, -1, 109, + 10, -1, 54, 10, -1, 64, 10, -1, 55, 10, + -1, 102, 10, -1, 48, 10, -1, 49, 10, -1, + 50, 10, -1, 51, 10, -1, 113, 10, -1, 117, + 10, -1, 114, 10, -1, 61, 10, -1, 26, 10, + -1, 27, 10, -1, 28, 10, -1, 98, 10, -1, + 29, 10, -1, 30, 10, -1, 32, 10, -1, 33, + 10, -1, 35, 10, -1, 36, 10, -1, 34, 10, + -1, 41, 10, -1, 42, 10, -1, 43, 10, -1, + 52, 10, -1, 71, 10, -1, 118, 10, -1, 85, + 10, -1, 78, 10, -1, 86, 10, -1, 87, 10, + -1, 115, 10, -1, 116, 10, -1, 100, 10, -1, + 47, 10, -1, 69, 10, -1, 72, 10, 10, -1, 53, 10, -1, 56, 10, -1, 105, 10, -1, 106, 10, -1, 70, 10, -1, 107, 10, -1, 57, 10, -1, 58, 10, -1, 59, 10, -1, 119, 10, -1, @@ -816,14 +816,14 @@ static const yytype_uint16 yyrline[] = 163, 163, 164, 164, 164, 165, 165, 165, 166, 166, 167, 167, 168, 168, 170, 182, 183, 184, 184, 184, 184, 184, 186, 198, 199, 200, 200, 200, 200, 202, - 211, 220, 231, 240, 249, 258, 267, 276, 285, 298, - 313, 322, 331, 340, 349, 358, 367, 376, 385, 394, - 403, 412, 421, 428, 435, 444, 453, 467, 476, 485, - 492, 499, 506, 514, 521, 528, 535, 542, 550, 558, - 566, 573, 580, 589, 598, 605, 612, 620, 628, 641, - 652, 660, 673, 682, 691, 699, 712, 721, 729, 738, - 746, 759, 766, 776, 786, 796, 806, 816, 826, 836, - 843, 850, 859, 868, 877, 884, 894, 908, 915, 922, + 211, 220, 231, 240, 249, 258, 265, 274, 283, 292, + 305, 320, 329, 338, 347, 356, 365, 374, 383, 392, + 401, 410, 419, 428, 435, 442, 451, 460, 474, 483, + 492, 499, 506, 513, 521, 528, 535, 542, 549, 557, + 565, 573, 580, 587, 596, 605, 612, 619, 627, 635, + 648, 659, 667, 680, 689, 698, 706, 719, 728, 736, + 745, 753, 766, 773, 783, 793, 803, 813, 823, 833, + 843, 850, 857, 866, 875, 884, 891, 901, 915, 922, 940, 953, 966, 975, 984, 993, 1003, 1013, 1022, 1031, 1038, 1047, 1056, 1065, 1073, 1086, 1094, 1116, 1123, 1138, 1148, 1158, 1168, 1175, 1182, 1191, 1201, 1211, 1218, 1225, @@ -886,9 +886,10 @@ static const char *const yytname[] = "contents_stub", "content_stub", "forwardstart", "contents_forward", "content_forward", "server_num_threads", "server_verbosity", "server_statistics_interval", "server_statistics_cumulative", - "server_extended_statistics", "server_port", "server_client_subnet_opc", - "server_max_client_subnet_ipv4", "server_max_client_subnet_ipv6", - "server_interface", "server_outgoing_interface", "server_outgoing_range", + "server_extended_statistics", "server_port", "server_send_client_subnet", + "server_client_subnet_opc", "server_max_client_subnet_ipv4", + "server_max_client_subnet_ipv6", "server_interface", + "server_outgoing_interface", "server_outgoing_range", "server_outgoing_port_permit", "server_outgoing_port_avoid", "server_outgoing_num_tcp", "server_incoming_num_tcp", "server_interface_automatic", "server_do_ip4", "server_do_ip6", @@ -916,10 +917,10 @@ static const char *const yytname[] = "server_private_address", "server_private_domain", "server_prefetch", "server_prefetch_key", "server_unwanted_reply_threshold", "server_do_not_query_address", "server_do_not_query_localhost", - "server_access_control", "server_send_client_subnet", - "server_module_conf", "server_val_override_date", - "server_val_sig_skew_min", "server_val_sig_skew_max", - "server_cache_max_ttl", "server_cache_min_ttl", "server_bogus_ttl", + "server_access_control", "server_module_conf", + "server_val_override_date", "server_val_sig_skew_min", + "server_val_sig_skew_max", "server_cache_max_ttl", + "server_cache_min_ttl", "server_bogus_ttl", "server_val_clean_additional", "server_val_permissive_mode", "server_ignore_cd_flag", "server_val_log_level", "server_val_nsec3_keysize_iterations", "server_add_holddown", @@ -1013,7 +1014,7 @@ static const yytype_uint8 yyr2[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1039,33 +1040,33 @@ static const yytype_uint16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 10, 12, 13, 69, 72, 81, 14, 111, 112, - 113, 20, 60, 15, 73, 74, 31, 53, 68, 16, - 17, 18, 19, 103, 104, 105, 106, 107, 70, 59, - 85, 102, 21, 22, 23, 24, 25, 61, 75, 76, - 91, 47, 57, 48, 86, 41, 42, 43, 44, 95, - 99, 96, 54, 26, 27, 28, 83, 29, 30, 32, - 33, 35, 36, 34, 37, 38, 39, 45, 64, 100, - 78, 71, 79, 80, 97, 98, 84, 40, 62, 65, - 110, 46, 49, 87, 88, 63, 89, 50, 51, 52, + 0, 10, 12, 13, 69, 72, 81, 14, 110, 111, + 112, 113, 20, 60, 15, 73, 74, 31, 53, 68, + 16, 17, 18, 19, 103, 104, 105, 106, 107, 70, + 59, 85, 102, 21, 22, 23, 24, 25, 61, 75, + 76, 91, 47, 57, 48, 86, 41, 42, 43, 44, + 95, 99, 96, 54, 26, 27, 28, 83, 29, 30, + 32, 33, 35, 36, 34, 37, 38, 39, 45, 64, + 100, 78, 71, 79, 80, 97, 98, 84, 40, 62, + 65, 46, 49, 87, 88, 63, 89, 50, 51, 52, 101, 90, 58, 92, 93, 94, 55, 56, 77, 66, 67, 82, 108, 109, 0, 0, 0, 0, 0, 115, 117, 118, 119, 121, 120, 0, 0, 0, 0, 123, 125, 126, 127, 128, 0, 0, 0, 0, 0, 0, 0, 241, 243, 245, 244, 246, 247, 248, 249, 0, - 258, 260, 130, 129, 134, 140, 138, 146, 147, 148, - 149, 159, 160, 161, 162, 163, 180, 181, 182, 184, - 185, 143, 186, 187, 190, 188, 189, 191, 192, 193, - 204, 172, 173, 174, 175, 194, 208, 168, 170, 209, - 214, 215, 216, 144, 179, 223, 224, 169, 219, 156, - 139, 164, 205, 212, 195, 0, 0, 227, 145, 131, - 155, 198, 132, 141, 142, 165, 166, 225, 197, 199, - 200, 133, 228, 183, 203, 157, 171, 210, 211, 213, - 218, 167, 222, 220, 221, 176, 178, 201, 202, 177, - 196, 217, 158, 150, 151, 152, 153, 154, 229, 230, - 207, 135, 136, 137, 231, 232, 233, 235, 234, 236, + 258, 260, 130, 129, 134, 141, 139, 147, 148, 149, + 150, 160, 161, 162, 163, 164, 181, 182, 183, 185, + 186, 144, 187, 188, 191, 189, 190, 192, 193, 194, + 205, 173, 174, 175, 176, 195, 208, 169, 171, 209, + 214, 215, 216, 145, 180, 223, 224, 170, 219, 157, + 140, 165, 206, 212, 196, 0, 0, 227, 146, 131, + 156, 199, 132, 142, 143, 166, 167, 225, 198, 200, + 201, 133, 228, 184, 204, 158, 172, 210, 211, 213, + 218, 168, 222, 220, 221, 177, 179, 202, 203, 178, + 197, 217, 159, 151, 152, 153, 154, 155, 229, 230, + 135, 136, 137, 138, 231, 232, 233, 235, 234, 236, 237, 238, 239, 250, 252, 251, 253, 254, 255, 256, - 261, 206, 226 + 261, 207, 226 }; /* YYDEFGOTO[NTERM-NUM]. */ @@ -2221,6 +2222,17 @@ yyreduce: /* Line 1806 of yacc.c */ #line 259 "./util/configparser.y" + { + OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[(2) - (2)].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[(2) - (2)].str))) + fatal_exit("out of memory adding client-subnet"); + } + break; + + case 136: + +/* Line 1806 of yacc.c */ +#line 266 "./util/configparser.y" { OUTYY(("P(client_subnet_opc:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2230,36 +2242,36 @@ yyreduce: } break; - case 136: + case 137: /* Line 1806 of yacc.c */ -#line 268 "./util/configparser.y" +#line 275 "./util/configparser.y" { OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) yyerror("IPv4 subnet length expected"); - else cfg_parser->cfg->client_subnet_opc = atoi((yyvsp[(2) - (2)].str)); + else cfg_parser->cfg->max_client_subnet_ipv4 = atoi((yyvsp[(2) - (2)].str)); free((yyvsp[(2) - (2)].str)); } break; - case 137: + case 138: /* Line 1806 of yacc.c */ -#line 277 "./util/configparser.y" +#line 284 "./util/configparser.y" { OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) yyerror("Ipv6 subnet length expected"); - else cfg_parser->cfg->client_subnet_opc = atoi((yyvsp[(2) - (2)].str)); + else cfg_parser->cfg->max_client_subnet_ipv6 = atoi((yyvsp[(2) - (2)].str)); free((yyvsp[(2) - (2)].str)); } break; - case 138: + case 139: /* Line 1806 of yacc.c */ -#line 286 "./util/configparser.y" +#line 293 "./util/configparser.y" { OUTYY(("P(server_interface:%s)\n", (yyvsp[(2) - (2)].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -2273,10 +2285,10 @@ yyreduce: } break; - case 139: + case 140: /* Line 1806 of yacc.c */ -#line 299 "./util/configparser.y" +#line 306 "./util/configparser.y" { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[(2) - (2)].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -2292,10 +2304,10 @@ yyreduce: } break; - case 140: + case 141: /* Line 1806 of yacc.c */ -#line 314 "./util/configparser.y" +#line 321 "./util/configparser.y" { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2305,10 +2317,10 @@ yyreduce: } break; - case 141: + case 142: /* Line 1806 of yacc.c */ -#line 323 "./util/configparser.y" +#line 330 "./util/configparser.y" { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_mark_ports((yyvsp[(2) - (2)].str), 1, @@ -2318,10 +2330,10 @@ yyreduce: } break; - case 142: + case 143: /* Line 1806 of yacc.c */ -#line 332 "./util/configparser.y" +#line 339 "./util/configparser.y" { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_mark_ports((yyvsp[(2) - (2)].str), 0, @@ -2331,10 +2343,10 @@ yyreduce: } break; - case 143: + case 144: /* Line 1806 of yacc.c */ -#line 341 "./util/configparser.y" +#line 348 "./util/configparser.y" { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0) @@ -2344,10 +2356,10 @@ yyreduce: } break; - case 144: + case 145: /* Line 1806 of yacc.c */ -#line 350 "./util/configparser.y" +#line 357 "./util/configparser.y" { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0) @@ -2357,10 +2369,10 @@ yyreduce: } break; - case 145: + case 146: /* Line 1806 of yacc.c */ -#line 359 "./util/configparser.y" +#line 366 "./util/configparser.y" { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2370,10 +2382,10 @@ yyreduce: } break; - case 146: + case 147: /* Line 1806 of yacc.c */ -#line 368 "./util/configparser.y" +#line 375 "./util/configparser.y" { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2383,10 +2395,10 @@ yyreduce: } break; - case 147: + case 148: /* Line 1806 of yacc.c */ -#line 377 "./util/configparser.y" +#line 384 "./util/configparser.y" { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2396,10 +2408,10 @@ yyreduce: } break; - case 148: + case 149: /* Line 1806 of yacc.c */ -#line 386 "./util/configparser.y" +#line 393 "./util/configparser.y" { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2409,10 +2421,10 @@ yyreduce: } break; - case 149: + case 150: /* Line 1806 of yacc.c */ -#line 395 "./util/configparser.y" +#line 402 "./util/configparser.y" { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2422,10 +2434,10 @@ yyreduce: } break; - case 150: + case 151: /* Line 1806 of yacc.c */ -#line 404 "./util/configparser.y" +#line 411 "./util/configparser.y" { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2435,10 +2447,10 @@ yyreduce: } break; - case 151: + case 152: /* Line 1806 of yacc.c */ -#line 413 "./util/configparser.y" +#line 420 "./util/configparser.y" { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2448,10 +2460,10 @@ yyreduce: } break; - case 152: + case 153: /* Line 1806 of yacc.c */ -#line 422 "./util/configparser.y" +#line 429 "./util/configparser.y" { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->ssl_service_key); @@ -2459,10 +2471,10 @@ yyreduce: } break; - case 153: + case 154: /* Line 1806 of yacc.c */ -#line 429 "./util/configparser.y" +#line 436 "./util/configparser.y" { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->ssl_service_pem); @@ -2470,10 +2482,10 @@ yyreduce: } break; - case 154: + case 155: /* Line 1806 of yacc.c */ -#line 436 "./util/configparser.y" +#line 443 "./util/configparser.y" { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2483,10 +2495,10 @@ yyreduce: } break; - case 155: + case 156: /* Line 1806 of yacc.c */ -#line 445 "./util/configparser.y" +#line 452 "./util/configparser.y" { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2496,10 +2508,10 @@ yyreduce: } break; - case 156: + case 157: /* Line 1806 of yacc.c */ -#line 454 "./util/configparser.y" +#line 461 "./util/configparser.y" { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2514,10 +2526,10 @@ yyreduce: } break; - case 157: + case 158: /* Line 1806 of yacc.c */ -#line 468 "./util/configparser.y" +#line 475 "./util/configparser.y" { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2527,10 +2539,10 @@ yyreduce: } break; - case 158: + case 159: /* Line 1806 of yacc.c */ -#line 477 "./util/configparser.y" +#line 484 "./util/configparser.y" { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2540,10 +2552,10 @@ yyreduce: } break; - case 159: + case 160: /* Line 1806 of yacc.c */ -#line 486 "./util/configparser.y" +#line 493 "./util/configparser.y" { OUTYY(("P(server_chroot:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->chrootdir); @@ -2551,10 +2563,10 @@ yyreduce: } break; - case 160: + case 161: /* Line 1806 of yacc.c */ -#line 493 "./util/configparser.y" +#line 500 "./util/configparser.y" { OUTYY(("P(server_username:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->username); @@ -2562,10 +2574,10 @@ yyreduce: } break; - case 161: + case 162: /* Line 1806 of yacc.c */ -#line 500 "./util/configparser.y" +#line 507 "./util/configparser.y" { OUTYY(("P(server_directory:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->directory); @@ -2573,10 +2585,10 @@ yyreduce: } break; - case 162: + case 163: /* Line 1806 of yacc.c */ -#line 507 "./util/configparser.y" +#line 514 "./util/configparser.y" { OUTYY(("P(server_logfile:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->logfile); @@ -2585,10 +2597,10 @@ yyreduce: } break; - case 163: + case 164: /* Line 1806 of yacc.c */ -#line 515 "./util/configparser.y" +#line 522 "./util/configparser.y" { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->pidfile); @@ -2596,10 +2608,10 @@ yyreduce: } break; - case 164: + case 165: /* Line 1806 of yacc.c */ -#line 522 "./util/configparser.y" +#line 529 "./util/configparser.y" { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[(2) - (2)].str))) @@ -2607,10 +2619,10 @@ yyreduce: } break; - case 165: + case 166: /* Line 1806 of yacc.c */ -#line 529 "./util/configparser.y" +#line 536 "./util/configparser.y" { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->dlv_anchor_file); @@ -2618,10 +2630,10 @@ yyreduce: } break; - case 166: + case 167: /* Line 1806 of yacc.c */ -#line 536 "./util/configparser.y" +#line 543 "./util/configparser.y" { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[(2) - (2)].str))) @@ -2629,10 +2641,10 @@ yyreduce: } break; - case 167: + case 168: /* Line 1806 of yacc.c */ -#line 543 "./util/configparser.y" +#line 550 "./util/configparser.y" { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> @@ -2641,10 +2653,10 @@ yyreduce: } break; - case 168: + case 169: /* Line 1806 of yacc.c */ -#line 551 "./util/configparser.y" +#line 558 "./util/configparser.y" { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> @@ -2653,10 +2665,10 @@ yyreduce: } break; - case 169: + case 170: /* Line 1806 of yacc.c */ -#line 559 "./util/configparser.y" +#line 566 "./util/configparser.y" { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> @@ -2665,10 +2677,10 @@ yyreduce: } break; - case 170: + case 171: /* Line 1806 of yacc.c */ -#line 567 "./util/configparser.y" +#line 574 "./util/configparser.y" { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[(2) - (2)].str))) @@ -2676,10 +2688,10 @@ yyreduce: } break; - case 171: + case 172: /* Line 1806 of yacc.c */ -#line 574 "./util/configparser.y" +#line 581 "./util/configparser.y" { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[(2) - (2)].str))) @@ -2687,10 +2699,10 @@ yyreduce: } break; - case 172: + case 173: /* Line 1806 of yacc.c */ -#line 581 "./util/configparser.y" +#line 588 "./util/configparser.y" { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2700,10 +2712,10 @@ yyreduce: } break; - case 173: + case 174: /* Line 1806 of yacc.c */ -#line 590 "./util/configparser.y" +#line 597 "./util/configparser.y" { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2713,10 +2725,10 @@ yyreduce: } break; - case 174: + case 175: /* Line 1806 of yacc.c */ -#line 599 "./util/configparser.y" +#line 606 "./util/configparser.y" { OUTYY(("P(server_identity:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->identity); @@ -2724,10 +2736,10 @@ yyreduce: } break; - case 175: + case 176: /* Line 1806 of yacc.c */ -#line 606 "./util/configparser.y" +#line 613 "./util/configparser.y" { OUTYY(("P(server_version:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->version); @@ -2735,10 +2747,10 @@ yyreduce: } break; - case 176: + case 177: /* Line 1806 of yacc.c */ -#line 613 "./util/configparser.y" +#line 620 "./util/configparser.y" { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->so_rcvbuf)) @@ -2747,10 +2759,10 @@ yyreduce: } break; - case 177: + case 178: /* Line 1806 of yacc.c */ -#line 621 "./util/configparser.y" +#line 628 "./util/configparser.y" { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->so_sndbuf)) @@ -2759,10 +2771,10 @@ yyreduce: } break; - case 178: + case 179: /* Line 1806 of yacc.c */ -#line 629 "./util/configparser.y" +#line 636 "./util/configparser.y" { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2776,10 +2788,10 @@ yyreduce: } break; - case 179: + case 180: /* Line 1806 of yacc.c */ -#line 642 "./util/configparser.y" +#line 649 "./util/configparser.y" { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2791,10 +2803,10 @@ yyreduce: } break; - case 180: + case 181: /* Line 1806 of yacc.c */ -#line 653 "./util/configparser.y" +#line 660 "./util/configparser.y" { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->msg_cache_size)) @@ -2803,10 +2815,10 @@ yyreduce: } break; - case 181: + case 182: /* Line 1806 of yacc.c */ -#line 661 "./util/configparser.y" +#line 668 "./util/configparser.y" { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2820,10 +2832,10 @@ yyreduce: } break; - case 182: + case 183: /* Line 1806 of yacc.c */ -#line 674 "./util/configparser.y" +#line 681 "./util/configparser.y" { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2833,10 +2845,10 @@ yyreduce: } break; - case 183: + case 184: /* Line 1806 of yacc.c */ -#line 683 "./util/configparser.y" +#line 690 "./util/configparser.y" { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0) @@ -2846,10 +2858,10 @@ yyreduce: } break; - case 184: + case 185: /* Line 1806 of yacc.c */ -#line 692 "./util/configparser.y" +#line 699 "./util/configparser.y" { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->rrset_cache_size)) @@ -2858,10 +2870,10 @@ yyreduce: } break; - case 185: + case 186: /* Line 1806 of yacc.c */ -#line 700 "./util/configparser.y" +#line 707 "./util/configparser.y" { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2875,10 +2887,10 @@ yyreduce: } break; - case 186: + case 187: /* Line 1806 of yacc.c */ -#line 713 "./util/configparser.y" +#line 720 "./util/configparser.y" { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0) @@ -2888,10 +2900,10 @@ yyreduce: } break; - case 187: + case 188: /* Line 1806 of yacc.c */ -#line 722 "./util/configparser.y" +#line 729 "./util/configparser.y" { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[(2) - (2)].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " @@ -2900,10 +2912,10 @@ yyreduce: } break; - case 188: + case 189: /* Line 1806 of yacc.c */ -#line 730 "./util/configparser.y" +#line 737 "./util/configparser.y" { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2913,10 +2925,10 @@ yyreduce: } break; - case 189: + case 190: /* Line 1806 of yacc.c */ -#line 739 "./util/configparser.y" +#line 746 "./util/configparser.y" { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[(2) - (2)].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " @@ -2925,10 +2937,10 @@ yyreduce: } break; - case 190: + case 191: /* Line 1806 of yacc.c */ -#line 747 "./util/configparser.y" +#line 754 "./util/configparser.y" { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2942,10 +2954,10 @@ yyreduce: } break; - case 191: + case 192: /* Line 1806 of yacc.c */ -#line 760 "./util/configparser.y" +#line 767 "./util/configparser.y" { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->target_fetch_policy); @@ -2953,10 +2965,10 @@ yyreduce: } break; - case 192: + case 193: /* Line 1806 of yacc.c */ -#line 767 "./util/configparser.y" +#line 774 "./util/configparser.y" { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2967,10 +2979,10 @@ yyreduce: } break; - case 193: + case 194: /* Line 1806 of yacc.c */ -#line 777 "./util/configparser.y" +#line 784 "./util/configparser.y" { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2981,10 +2993,10 @@ yyreduce: } break; - case 194: + case 195: /* Line 1806 of yacc.c */ -#line 787 "./util/configparser.y" +#line 794 "./util/configparser.y" { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -2995,10 +3007,10 @@ yyreduce: } break; - case 195: + case 196: /* Line 1806 of yacc.c */ -#line 797 "./util/configparser.y" +#line 804 "./util/configparser.y" { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3009,10 +3021,10 @@ yyreduce: } break; - case 196: + case 197: /* Line 1806 of yacc.c */ -#line 807 "./util/configparser.y" +#line 814 "./util/configparser.y" { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3023,10 +3035,10 @@ yyreduce: } break; - case 197: + case 198: /* Line 1806 of yacc.c */ -#line 817 "./util/configparser.y" +#line 824 "./util/configparser.y" { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3037,10 +3049,10 @@ yyreduce: } break; - case 198: + case 199: /* Line 1806 of yacc.c */ -#line 827 "./util/configparser.y" +#line 834 "./util/configparser.y" { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3051,10 +3063,10 @@ yyreduce: } break; - case 199: + case 200: /* Line 1806 of yacc.c */ -#line 837 "./util/configparser.y" +#line 844 "./util/configparser.y" { OUTYY(("P(server_private_address:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[(2) - (2)].str))) @@ -3062,10 +3074,10 @@ yyreduce: } break; - case 200: + case 201: /* Line 1806 of yacc.c */ -#line 844 "./util/configparser.y" +#line 851 "./util/configparser.y" { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[(2) - (2)].str))) @@ -3073,10 +3085,10 @@ yyreduce: } break; - case 201: + case 202: /* Line 1806 of yacc.c */ -#line 851 "./util/configparser.y" +#line 858 "./util/configparser.y" { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3086,10 +3098,10 @@ yyreduce: } break; - case 202: + case 203: /* Line 1806 of yacc.c */ -#line 860 "./util/configparser.y" +#line 867 "./util/configparser.y" { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3099,10 +3111,10 @@ yyreduce: } break; - case 203: + case 204: /* Line 1806 of yacc.c */ -#line 869 "./util/configparser.y" +#line 876 "./util/configparser.y" { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0) @@ -3112,10 +3124,10 @@ yyreduce: } break; - case 204: + case 205: /* Line 1806 of yacc.c */ -#line 878 "./util/configparser.y" +#line 885 "./util/configparser.y" { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[(2) - (2)].str))) @@ -3123,10 +3135,10 @@ yyreduce: } break; - case 205: + case 206: /* Line 1806 of yacc.c */ -#line 885 "./util/configparser.y" +#line 892 "./util/configparser.y" { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3137,10 +3149,10 @@ yyreduce: } break; - case 206: + case 207: /* Line 1806 of yacc.c */ -#line 895 "./util/configparser.y" +#line 902 "./util/configparser.y" { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str))); if(strcmp((yyvsp[(3) - (3)].str), "deny")!=0 && strcmp((yyvsp[(3) - (3)].str), "refuse")!=0 && @@ -3155,17 +3167,6 @@ yyreduce: } break; - case 207: - -/* Line 1806 of yacc.c */ -#line 909 "./util/configparser.y" - { - OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[(2) - (2)].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[(2) - (2)].str))) - fatal_exit("out of memory adding client-subnet"); - } - break; - case 208: /* Line 1806 of yacc.c */ @@ -3727,7 +3728,7 @@ yyreduce: /* Line 1806 of yacc.c */ -#line 3731 "util/configparser.c" +#line 3732 "util/configparser.c" default: break; } /* User semantic actions sometimes alter yychar, and that requires diff --git a/util/configparser.y b/util/configparser.y index 742439250..e33ffd7ca 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -255,6 +255,13 @@ server_port: VAR_PORT STRING_ARG free($2); } ; +server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG + { + OUTYY(("P(server_send_client_subnet:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2)) + fatal_exit("out of memory adding client-subnet"); + } + ; server_client_subnet_opc: VAR_CLIENT_SUBNET_OPCODE STRING_ARG { OUTYY(("P(client_subnet_opc:%s)\n", $2)); @@ -269,7 +276,7 @@ server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2)); if(atoi($2) == 0) yyerror("IPv4 subnet length expected"); - else cfg_parser->cfg->client_subnet_opc = atoi($2); + else cfg_parser->cfg->max_client_subnet_ipv4 = atoi($2); free($2); } ; @@ -278,7 +285,7 @@ server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2)); if(atoi($2) == 0) yyerror("Ipv6 subnet length expected"); - else cfg_parser->cfg->client_subnet_opc = atoi($2); + else cfg_parser->cfg->max_client_subnet_ipv6 = atoi($2); free($2); } ; @@ -905,13 +912,6 @@ server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG } } ; -server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG - { - OUTYY(("P(server_send_client_subnet:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2)) - fatal_exit("out of memory adding client-subnet"); - } - ; server_module_conf: VAR_MODULE_CONF STRING_ARG { OUTYY(("P(server_module_conf:%s)\n", $2)); diff --git a/util/data/msgencode.c b/util/data/msgencode.c index e3ba948b9..045318d48 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -729,7 +729,6 @@ void attach_edns_record(ldns_buffer* pkt, struct edns_data* edns) { size_t len, sn_octs, sn_octs_remainder; - int i; if(!edns || !edns->edns_present) return; /* inc additional count */ @@ -745,14 +744,14 @@ attach_edns_record(ldns_buffer* pkt, struct edns_data* edns) ldns_buffer_write_u8(pkt, edns->ext_rcode); /* ttl */ ldns_buffer_write_u8(pkt, edns->edns_version); ldns_buffer_write_u16(pkt, edns->bits); - /* YBS: do vandergaast hier! */ + /* Add edns-subnet option to record */ if(edns->subnet_option_add) { assert(edns.addr_fam == IANA_ADDRFAM_IP4 || edns.addr_fam == IANA_ADDRFAM_IP6); assert(edns.addr_fam != IANA_ADDRFAM_IP4 || - edns->subnet_source_mask <= 32); + edns->subnet_source_mask <= INET_SIZE*8); assert(edns.addr_fam != IANA_ADDRFAM_IP6 || - edns->subnet_source_mask <= 128); //ipv6 addr fam? + edns->subnet_source_mask <= INET6_SIZE*8); sn_octs = edns->subnet_source_mask / 8; sn_octs_remainder = (edns->subnet_source_mask % 8)>0?1:0; @@ -773,7 +772,6 @@ attach_edns_record(ldns_buffer* pkt, struct edns_data* edns) ldns_buffer_write_u8(pkt, edns->subnet_addr[sn_octs] & ~(0xFF >> (edns->subnet_source_mask % 8))); } else ldns_buffer_write_u16(pkt, 0); /* rdatalen */ - /* //YBS: do vandergaast hier! */ ldns_buffer_flip(pkt); } diff --git a/util/data/msgparse.h b/util/data/msgparse.h index 85c51289a..b0c665e2a 100644 --- a/util/data/msgparse.h +++ b/util/data/msgparse.h @@ -211,13 +211,11 @@ struct edns_data { uint16_t bits; /** UDP reassembly size. */ uint16_t udp_size; - // YBS add vandergaast here int subnet_option_add; uint16_t subnet_addr_fam; uint8_t subnet_source_mask; uint8_t subnet_scope_mask; uint8_t subnet_addr[16]; - // YBS add vandergaast here }; /** diff --git a/util/net_help.c b/util/net_help.c index 2a8713c3d..151b34fcc 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -52,7 +52,7 @@ #define MAX_ADDR_STRLEN 128 /* characters */ /** default value for EDNS ADVERTISED size */ uint16_t EDNS_ADVERTISED_SIZE = 4096; -/** YBS: opcode for edns subnet option, is TBD. */ +/** Opcode for edns subnet option, is TBD. */ uint16_t EDNS_SUBNET_OPC = 0x50fa; /** minimal responses when positive answer: default is no */ diff --git a/util/net_help.h b/util/net_help.h index f8a3da998..e8f44b3b0 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -81,7 +81,7 @@ struct regional; #define EDNS_ADVERTISED_VERSION 0 /** Advertised size of EDNS capabilities */ extern uint16_t EDNS_ADVERTISED_SIZE; -/** YBS: opcode for edns subnet option, is TBD. */ +/** Opcode for edns subnet option, is TBD. */ extern uint16_t EDNS_SUBNET_OPC; /** bits for EDNS bitfield */ #define EDNS_DO 0x8000 /* Dnssec Ok */