1 /*
2  * options.h -- nsd.conf options definitions and prototypes
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * See LICENSE for the license.
7  *
8  */
9 
10 #ifndef OPTIONS_H
11 #define OPTIONS_H
12 
13 #include <stdarg.h>
14 #include "region-allocator.h"
15 #include "rbtree.h"
16 struct query;
17 struct dname;
18 struct tsig_key;
19 struct buffer;
20 struct nsd;
21 struct proxy_protocol_port_list;
22 
23 
/* Short *_type aliases for the option structures declared in this header. */
typedef struct nsd_options          nsd_options_type;
typedef struct pattern_options      pattern_options_type;
typedef struct zone_options         zone_options_type;
typedef struct range_option         range_option_type;
typedef struct ip_address_option    ip_address_option_type;
typedef struct cpu_option           cpu_option_type;
typedef struct cpu_map_option       cpu_map_option_type;
typedef struct acl_options          acl_options_type;
typedef struct key_options          key_options_type;
typedef struct tls_auth_options     tls_auth_options_type;
typedef struct config_parser_state  config_parser_state_type;
35 
/*
 * "Inherit" sentinels.
 * NOTE(review): presumably stored in the verify_zone, verifier_feed_zone and
 * verifier_timeout option fields to mean "no explicit setting" -- confirm in
 * the parser.
 */
#define VERIFY_ZONE_INHERIT        (2)
#define VERIFIER_FEED_ZONE_INHERIT (2)
#define VERIFIER_TIMEOUT_INHERIT   (-1)

/* Values of pattern_options.catalog_role; 0 is the "inherit" value. */
#define CATALOG_ROLE_INHERIT       (0)
#define CATALOG_ROLE_CONSUMER      (1)
#define CATALOG_ROLE_PRODUCER      (2)
42 
/*
 * Server-wide options for nsd.
 */
struct nsd_options {
	/* name of the config file */
	char *configfile;
	/* per-zone options keyed by apex; elements are zone_options */
	rbtree_type *zone_options;
	/* patterns keyed by name; elements are pattern_options */
	rbtree_type *patterns;

	/* free space in the zonelist file; elements are zonelist_bucket */
	rbtree_type *zonefree;
	/* number of free-space lines in the zonelist file */
	size_t zonefree_number;
	/* the zonelist file, when it is open */
	FILE *zonelist;
	/* last offset in that file (0 if none) */
	off_t zonelist_off;

	/*
	 * Tree of zonestat names and their id values.  Entries are struct
	 * zonestatname whose key is a malloced name string.  The number of
	 * items is the max statnameid; no items are freed from this tree.
	 * Kept correct in the xfrd process, and on startup.
	 */
	rbtree_type *zonestatnames;

	/* defined keys, keyed by name */
	rbtree_type *keys;

	/* defined tls_auth entries, keyed by name */
	rbtree_type *tls_auths;

	/* addresses to bind to; NULL means all */
	struct ip_address_option *ip_addresses;

	/*
	 * The settings from here to reuseport carry no comment in the header.
	 * NOTE(review): the names look like the nsd.conf keywords of the same
	 * name -- confirm against the parser before relying on that.
	 */
	int ip_transparent;
	int ip_freebind;
	int send_buffer_size;
	int receive_buffer_size;
	int debug_mode;
	int verbosity;
	int hide_version;
	int hide_identity;
	int drop_updates;
	int do_ip4;
	int do_ip6;
	const char *identity;
	const char *version;
	const char *logfile;
	int log_only_syslog;
	int server_count;
	struct cpu_option *cpu_affinity;
	struct cpu_map_option *service_cpu_affinity;
	int tcp_count;
	int tcp_reject_overflow;
	int confine_to_zone;
	int tcp_query_count;
	int tcp_timeout;
	int tcp_mss;
	int outgoing_tcp_mss;
	size_t ipv4_edns_size;
	size_t ipv6_edns_size;
	const char *pidfile;
	const char *port;
	int statistics;
	/*
	 * NOTE(review): chroot and username presumably select the chroot
	 * directory and the account used after start-up; confirm how the
	 * path options below are resolved relative to chroot.
	 */
	const char *chroot;
	const char *username;
	const char *zonesdir;
	const char *xfrdfile;
	const char *xfrdir;
	const char *zonelistfile;
	const char *nsid;
	int xfrd_reload_timeout;
	int zonefiles_check;
	int zonefiles_write;
	int log_time_ascii;
	int round_robin;
	int minimal_responses;
	int refuse_any;
	int reuseport;
	/* upper bound on the number of xfrd tcp sockets */
	int xfrd_tcp_max;
	/* upper bound on simultaneous requests per xfrd tcp socket */
	int xfrd_tcp_pipeline;

	/* TLS: private key file */
	char *tls_service_key;
	/* TLS: ocsp stapling file */
	char *tls_service_ocsp;
	/* TLS: certificate file */
	char *tls_service_pem;
	/* TLS: dedicated port */
	const char *tls_port;
	/* TLS: certificate bundle */
	const char *tls_cert_bundle;

	/* list of proxy protocol ports */
	struct proxy_protocol_port_list *proxy_protocol_port;

	/** remote control section: enable toggle */
	int control_enable;
	/** interfaces on which remote control listens */
	struct ip_address_option *control_interface;
	/** port number of the control port */
	int control_port;
	/** server side: private key file */
	char *server_key_file;
	/** server side: certificate file */
	char *server_cert_file;
	/** nsd-control side: private key file */
	char *control_key_file;
	/** nsd-control side: certificate file */
	char *control_cert_file;

#ifdef RATELIMIT
	/** bucket count of the rrl hashtable */
	size_t rrl_size;
	/** max qps for queries; 0 means no limit */
	size_t rrl_ratelimit;
	/** ratio of slipped responses; 0 means no slip */
	size_t rrl_slip;
	/** ip prefix lengths */
	size_t rrl_ipv4_prefix_length;
	size_t rrl_ipv6_prefix_length;
	/** max qps for whitelisted queries; 0 means no limit */
	size_t rrl_whitelist_ratelimit;
#endif
	/** whether dnstap is enabled */
	int dnstap_enable;
	/** path of the dnstap socket */
	char *dnstap_socket_path;
	/** dnstap IP; when "", the socket path is used */
	char *dnstap_ip;
	/** enable TLS for dnstap */
	int dnstap_tls;
	/** name used to authenticate the dnstap tls server */
	char *dnstap_tls_server_name;
	/** cert bundle for the dnstap server */
	char *dnstap_tls_cert_bundle;
	/** client key used for dnstap client authentication */
	char *dnstap_tls_client_key_file;
	/** client cert used for dnstap client authentication */
	char *dnstap_tls_client_cert_file;
	/** true: send "identity" via dnstap */
	int dnstap_send_identity;
	/** true: send "version" via dnstap */
	int dnstap_send_version;
	/** dnstap "identity"; the hostname is used if "" */
	char *dnstap_identity;
	/** dnstap "version"; the package version is used if "" */
	char *dnstap_version;
	/** true: log dnstap AUTH_QUERY message events */
	int dnstap_log_auth_query_messages;
	/** true: log dnstap AUTH_RESPONSE message events */
	int dnstap_log_auth_response_messages;

	/** answer with a server cookie when the request had a cookie option */
	int answer_cookie;
	/**
	 * cookie secret.
	 * NOTE(review): secret material kept as a plain string; confirm it is
	 * never logged and is wiped when the options are destroyed.
	 */
	char *cookie_secret;
	/** path of the cookie secret store */
	const char *cookie_secret_file;
	/** enable verify */
	int verify_enable;
	/** addresses used to serve zones for verification */
	struct ip_address_option *verify_ip_addresses;
	/** default port 5347 */
	char *verify_port;
	/** verify zones by default */
	int verify_zones;
	/**
	 * default command to verify zones with.
	 * NOTE(review): presumably an argv-style vector; confirm it is
	 * executed without passing through a shell.
	 */
	char **verifier;
	/** maximum number of verifiers that may run at the same time */
	int verifier_count;
	/** whether the zone is fed to the verifier over stdin */
	uint8_t verifier_feed_zone;
	/** maximum number of seconds a verifier may take */
	uint32_t verifier_timeout;

	region_type *region;
};
224 
/* Singly linked list element holding one integer range: first and last. */
struct range_option {
	struct range_option *next;	/* following element, if any */
	int first;
	int last;
};
230 
/*
 * Singly linked list element for one configured address.
 * NOTE(review): servers presumably restricts the address to a range of
 * server processes, and dev/fib presumably are per-address socket flags --
 * confirm in the parser.
 */
struct ip_address_option {
	struct ip_address_option *next;	/* following element, if any */
	char *address;
	struct range_option *servers;
	int dev;
	int fib;
};
238 
/* Singly linked list element naming one cpu. */
struct cpu_option {
	struct cpu_option *next;	/* following element, if any */
	int cpu;
};
243 
/* Singly linked list element pairing a service number with a cpu. */
struct cpu_map_option {
	struct cpu_map_option *next;	/* following element, if any */
	int service;
	int cpu;
};
249 
/*
 * Values for min_expire_time_expr.
 */
#define EXPIRE_TIME_HAS_VALUE     0
#define EXPIRE_TIME_IS_DEFAULT    1
#define REFRESHPLUSRETRYPLUS1     2
#define REFRESHPLUSRETRYPLUS1_STR "refresh+retry+1"
/*
 * True for every value that is neither REFRESHPLUSRETRYPLUS1 nor
 * EXPIRE_TIME_HAS_VALUE, so unknown values count as "default" too.
 * The argument may be evaluated twice.
 */
#define expire_time_is_default(x) (   (x) != REFRESHPLUSRETRYPLUS1 \
                                   && (x) != EXPIRE_TIME_HAS_VALUE )
259 
260 
/*
 * A pattern: a named set of zone options that one or more zones refer to.
 *
 * NOTE(review): assuming ATTR_PACKED expands to a packed attribute, the
 * multi-byte members that follow uint8_t members can be misaligned; confirm
 * before taking their address on strict-alignment platforms.
 */
struct pattern_options {
	rbnode_type node;
	const char *pname;	/* pattern name; this is the rbtree key */
	const char *zonefile;
	/*
	 * Access control lists.
	 * NOTE(review): the names look like the nsd.conf keywords of the same
	 * name; confirm which list governs which operation.
	 */
	struct acl_options *allow_notify;
	struct acl_options *request_xfr;
	struct acl_options *notify;
	struct acl_options *provide_xfr;
	struct acl_options *allow_query;
	struct acl_options *outgoing_interface;
	const char *zonestats;
#ifdef RATELIMIT
	uint16_t rrl_whitelist;	/* bitmap of rrl types */
#endif
	uint8_t allow_axfr_fallback;
	uint8_t allow_axfr_fallback_is_default;
	uint8_t notify_retry;
	uint8_t notify_retry_is_default;
	uint8_t implicit;	/* implicit pattern, used by a part_of_config zone */
	uint8_t xfrd_flags;
	uint32_t max_refresh_time;
	uint8_t max_refresh_time_is_default;
	uint32_t min_refresh_time;
	uint8_t min_refresh_time_is_default;
	uint32_t max_retry_time;
	uint8_t max_retry_time_is_default;
	uint32_t min_retry_time;
	uint8_t min_retry_time_is_default;
	uint32_t min_expire_time;
	/*
	 * min_expire_time_expr holds either one of the known values
	 * (REFRESHPLUSRETRYPLUS1 or EXPIRE_TIME_HAS_VALUE), or any other
	 * value, in which case min_expire_time is the default.  Use the
	 * expire_time_is_default(x) define to test for the latter.
	 */
	uint8_t min_expire_time_expr;
	uint64_t size_limit_xfr;
	uint8_t multi_primary_check;
	uint8_t store_ixfr;
	uint8_t store_ixfr_is_default;
	uint64_t ixfr_size;
	uint8_t ixfr_size_is_default;
	uint32_t ixfr_number;
	uint8_t ixfr_number_is_default;
	uint8_t create_ixfr;
	uint8_t create_ixfr_is_default;
	uint8_t verify_zone;
	uint8_t verify_zone_is_default;
	/*
	 * NOTE(review): presumably an argv-style command vector like the
	 * server-wide verifier; confirm it is executed without a shell.
	 */
	char **verifier;
	uint8_t verifier_feed_zone;
	uint8_t verifier_feed_zone_is_default;
	int32_t verifier_timeout;	/* signed, unlike nsd_options.verifier_timeout */
	uint8_t verifier_timeout_is_default;
	uint8_t catalog_role;	/* compared against the CATALOG_ROLE_* values */
	uint8_t catalog_role_is_default;
	const char *catalog_member_pattern;
	const char *catalog_producer_zone;
} ATTR_PACKED;

/* NOTE(review): presumably marks the names of implicit patterns -- confirm. */
#define PATTERN_IMPLICIT_MARKER "_implicit_"
322 
/*
 * Options of a single zone.
 */
struct zone_options {
	/* tree node; its key is the dname of the apex */
	rbnode_type node;

	/* the zone apex */
	const char *name;
	/* for zones outside the config: offset and line size of the
	 * zonelist entry */
	off_t off;
	int linesize;
	/* the pattern supplying the zone options; for a part_of_config zone
	 * this is an anonymous pattern created in-place */
	struct pattern_options *pattern;
	/* set when the zone is fixed in the main config rather than the
	 * zonelist; such a zone cannot be deleted */
	unsigned part_of_config        : 1;
	/* set when this struct is the options member of a
	 * catalog_member_zone; as_catalog_member_zone() trusts this bit */
	unsigned is_catalog_member_zone: 1;
} ATTR_PACKED;
342 
/*
 * Options of a catalog member zone; options.is_catalog_member_zone is 1
 * for these.
 *
 * A member zone belongs either to a catalog producer zone or to a catalog
 * consumer zone, never to both: it is a producer member when
 * options.pattern->catalog_producer_zone is set and a consumer member
 * otherwise.
 *
 * options must stay the first member: as_catalog_member_zone() casts a
 * struct zone_options pointer to this type.
 */
struct catalog_member_zone {
	struct zone_options  options;
	const struct dname  *member_id;
	/* node in the catalog consumer or producer zone this member is
	 * associated with */
	rbnode_type          node;
} ATTR_PACKED;

/* Callback type taking a catalog member zone; passed to
 * zone_list_add_or_cat() as new_member_id. */
typedef void (*new_member_id_type)(struct catalog_member_zone *zone);
359 
/*
 * Storage for one ACL address: always an IPv4 address, plus an IPv6
 * alternative when INET6 is defined.
 */
union acl_addr_storage {
	struct in_addr addr;
#ifdef INET6
	struct in6_addr addr6;
#endif
};
368 
/*
 * One element of an access control list.  Elements are chained through
 * next; acl_list_equal() treats element order as significant.
 */
struct acl_options {
	struct acl_options *next;

	/* options */
	time_t ixfr_disabled;
	int bad_xfr_count;
	uint8_t use_axfr_only;
	uint8_t allow_udp;

	/* ip address range */
	const char *ip_address_spec;
	uint8_t is_ipv6;
	unsigned int port;	/* 0 (no port), or the value of the @port suffix */
	union acl_addr_storage addr;
	union acl_addr_storage range_mask;
	enum {
		acl_range_single = 0,	/* one address */
		acl_range_mask = 1,	/* 10.20.30.40&255.255.255.0 */
		acl_range_subnet = 2,	/* 10.20.30.40/28 */
		acl_range_minmax = 3	/* 10.20.30.40-10.20.30.60 (mask=max) */
	} rangetype;

	/*
	 * key
	 * NOTE(review): nokey and blocked presumably record the NOKEY and
	 * BLOCKED forms of an ACL entry; confirm how a blocked entry
	 * interacts with later entries in the same list.
	 */
	uint8_t nokey;
	uint8_t blocked;
	const char *key_name;
	struct key_options *key_options;

	/* tls_auth, used for XoT */
	const char *tls_auth_name;
	struct tls_auth_options *tls_auth_options;
} ATTR_PACKED;
404 
/*
 * Definition of one key.
 */
struct key_options {
	rbnode_type node;	/* tree node; the key of the tree is name */
	char *name;
	char *algorithm;
	/* NOTE(review): key material kept as a plain string; confirm it is
	 * never logged and is wiped when the key is removed or destroyed. */
	char *secret;
	struct tsig_key *tsig_key;
} ATTR_PACKED;
415 
/*
 * Definition of one TLS auth entry, used for XoT.
 */
struct tls_auth_options {
	rbnode_type node;	/* tree node; the key of the tree is name */
	char *name;
	char *auth_domain_name;
	char *client_cert;
	char *client_key;
	/* NOTE(review): presumably the passphrase of client_key, kept as a
	 * plain string; confirm it is never logged and is wiped on destroy. */
	char *client_key_pw;
};
427 
/* One element of the list of proxy protocol port options. */
struct proxy_protocol_port_list {
	struct proxy_protocol_port_list *next;	/* following element, if any */
	int port;
};
433 
/** One free-space entry of the zone list, identified by its offset. */
struct zonelist_free {
	struct zonelist_free *next;	/* following element, if any */
	off_t off;
};
/** Bucket of zonelist free-space entries that share one line length. */
struct zonelist_bucket {
	rbnode_type node;	/* tree node; the key is a pointer to linesize */
	int linesize;
	struct zonelist_free *list;
};
445 
/* Zonefile write interval, in seconds, used by default when the database
 * is "". */
#define ZONEFILES_WRITE_INTERVAL 3600
448 
/* Entry of the zonestat name tree. */
struct zonestatname {
	rbnode_type node;	/* key: malloced string holding the cooked zonestat name */
	unsigned id;		/* index into the nsd.zonestat array */
};
453 
/*
 * State kept while the options are being parsed.
 */
struct config_parser_state {
	char *filename;
	const char *chroot;
	int line;
	int errors;
	struct nsd_options *opt;
	/* NOTE(review): presumably the pattern, zone, key, tls_auth and ip
	 * entries currently being filled in by the parser -- confirm. */
	struct pattern_options *pattern;
	struct zone_options *zone;
	struct key_options *key;
	struct tls_auth_options *tls_auth;
	struct ip_address_option *ip;
	/* error callback and the opaque argument that goes with it */
	void (*err)(void *, const char *);
	void *err_arg;
};
471 
/* Parser state object, defined in another translation unit. */
extern config_parser_state_type *cfg_parser;
473 
/*
 * Create an empty options struct.  The region passed in is stored in the
 * returned nsd_options.
 */
struct nsd_options *nsd_options_create(region_type *region);
/*
 * Number of configured zones, read from the count of the zone_options tree.
 * opt and opt->zone_options are dereferenced unchecked, so both must be
 * non-NULL.
 */
static inline size_t
nsd_options_num_zones(struct nsd_options *opt)
{
	rbtree_type *zones = opt->zone_options;

	return zones->count;
}
/* Add a zone to the main options tree; 0 signals an error. */
int nsd_options_insert_zone(struct nsd_options *opt,
	struct zone_options *zone);
/* Add a pattern to the main options tree; 0 signals an error. */
int nsd_options_insert_pattern(struct nsd_options *opt,
	struct pattern_options *pat);

/*
 * Parse an options file; a false return value means failure.  When err is
 * non-NULL it is called with the error strings, otherwise they are printed
 * by default.
 */
int parse_options_file(struct nsd_options *opt, const char *file,
	void (*err)(void *, const char *), void *err_arg,
	struct nsd_options *old_opts);
struct zone_options *zone_options_create(region_type *region);
void zone_options_delete(struct nsd_options *opt, struct zone_options *zone);
struct catalog_member_zone *catalog_member_zone_create(region_type *region);
/*
 * View zopt as its enclosing catalog_member_zone.  Returns NULL when zopt is
 * NULL or its is_catalog_member_zone bit is clear.
 *
 * The cast relies on `options` being the first member of struct
 * catalog_member_zone, and the bit is the only thing checked: it must be set
 * solely on zone_options that really are embedded in a catalog_member_zone,
 * otherwise the returned pointer describes memory beyond the real object.
 */
static inline struct catalog_member_zone *
as_catalog_member_zone(struct zone_options *zopt)
{
	if (!zopt || !zopt->is_catalog_member_zone)
		return NULL;
	return (struct catalog_member_zone *)zopt;
}
/* Look up a zone by its apex domain name; NULL when it is not found. */
struct zone_options *zone_options_find(struct nsd_options *opt,
	const struct dname *apex);

/* Pattern handling. */
struct pattern_options *pattern_options_create(region_type *region);
struct pattern_options *pattern_options_find(struct nsd_options *opt,
	const char *name);
int pattern_options_equal(struct pattern_options *p,
	struct pattern_options *q);
void pattern_options_remove(struct nsd_options *opt, const char *name);
void pattern_options_add_modify(struct nsd_options *opt,
	struct pattern_options *p);
/*
 * NOTE(review): marshal/unmarshal presumably serialise a pattern to and from
 * a buffer exchanged between nsd processes; confirm that unmarshal validates
 * lengths read from the buffer.
 */
void pattern_options_marshal(struct buffer *buffer,
	struct pattern_options *p);
struct pattern_options *pattern_options_unmarshal(region_type *r,
	struct buffer *b);
/* Key handling. */
struct key_options *key_options_create(region_type *region);
void key_options_insert(struct nsd_options *opt, struct key_options *key);
struct key_options *key_options_find(struct nsd_options *opt,
	const char *name);
void key_options_remove(struct nsd_options *opt, const char *name);
int key_options_equal(struct key_options *p, struct key_options *q);
void key_options_add_modify(struct nsd_options *opt,
	struct key_options *key);
void key_options_setup(region_type *region, struct key_options *key);
void key_options_desetup(region_type *region, struct key_options *key);

/* TLS auth handling. */
struct tls_auth_options *tls_auth_options_create(region_type *region);
void tls_auth_options_insert(struct nsd_options *opt,
	struct tls_auth_options *auth);
struct tls_auth_options *tls_auth_options_find(struct nsd_options *opt,
	const char *name);
/* Read in the zone list file; a false return value means failure. */
int parse_zone_list_file(struct nsd_options *opt);
/* Create a (potential) catalog producer member entry and add it to the
 * zonelist. */
struct zone_options *zone_list_add_or_cat(struct nsd_options *opt,
	const char *zname, const char *pname,
	new_member_id_type new_member_id);
/*
 * Create a zone entry and add it to the zonelist file.  Forwards to
 * zone_list_add_or_cat() with a NULL new_member_id callback.
 */
static inline struct zone_options *
zone_list_add(struct nsd_options *opt, const char *zname, const char *pname)
{
	return zone_list_add_or_cat(opt, zname, pname, NULL);
}
/* Create a zonelist entry without inserting it in the file (called by
 * _add). */
struct zone_options *zone_list_zone_insert(struct nsd_options *opt,
	const char *nm, const char *patnm);
void zone_list_del(struct nsd_options *opt, struct zone_options *zone);
void zone_list_compact(struct nsd_options *opt);
void zone_list_close(struct nsd_options *opt);
534 
/* Create the zonestat name tree, for the initially created zones. */
void options_zonestatnames_create(struct nsd_options *opt);
/*
 * Return the zonestat id for the zone options, adding a new entry when
 * necessary.  Instantiates the pattern's zonestat string.
 */
unsigned getzonestatid(struct nsd_options *opt, struct zone_options *zopt);
/* Build a string using the same options as for a zonefile, but without
 * chroot changes. */
const char *config_cook_string(struct zone_options *zone, const char *input);

/**
 * Check whether the remote control config turns on an IP-address interface
 * with certificates, or a named pipe without certificates.
 */
int options_remote_is_address(struct nsd_options *cfg);
546 
#ifdef HAVE_SSL
/* Add every key in the options to tsig; tsig must already be inited. */
void key_options_tsig_add(struct nsd_options *opt);
#endif
551 
/*
 * Check a query against an acl list.  Returns the number (0..) of the acl
 * that matched when the query passes, or -1 (failure) when it is dropped.
 * The acl that gave the reason is returned through reason (or NULL).
 */
int acl_check_incoming(struct acl_options *acl, struct query *q,
	struct acl_options **reason);
int acl_addr_matches_host(struct acl_options *acl, struct acl_options *host);
int acl_addr_matches(struct acl_options *acl, struct query *q);
/* NOTE(review): presumably matches against the address carried by the proxy
 * protocol rather than the socket peer -- confirm. */
int acl_addr_matches_proxy(struct acl_options *acl, struct query *q);
int acl_key_matches(struct acl_options *acl, struct query *q);
/* NOTE(review): the unit of sz (bytes or 32-bit words) is not stated here;
 * confirm it against the callers before passing a new size. */
int acl_addr_match_mask(uint32_t *a, uint32_t *b, uint32_t *mask, size_t sz);
int acl_addr_match_range_v6(uint32_t *minval, uint32_t *x, uint32_t *maxval,
	size_t sz);
int acl_addr_match_range_v4(uint32_t *minval, uint32_t *x, uint32_t *maxval,
	size_t sz);
564 
/* Check an acl list for blocks on the address: 0 when there is none, -1
 * when blocked. */
int acl_check_incoming_block_proxy(struct acl_options *acl, struct query *q,
	struct acl_options **reason);

/* True when both acls are from the same host. */
int acl_same_host(struct acl_options *a, struct acl_options *b);
/* Find the acl with the given number in the list. */
struct acl_options *acl_find_num(struct acl_options *acl, int num);

/* Tell whether two acl lists are the same: the same elements in the same
 * order, or both empty. */
int acl_list_equal(struct acl_options *p, struct acl_options *q);
/* Tell whether two acls are the same. */
int acl_equal(struct acl_options *p, struct acl_options *q);

/* Tell whether a zone is a slave or a master zone. */
int zone_is_slave(struct zone_options *opt);
/*
 * 1 when the zone's pattern has catalog_role CATALOG_ROLE_CONSUMER, else 0.
 * A NULL opt or a NULL opt->pattern yields 0.
 */
static inline int
zone_is_catalog_consumer(struct zone_options *opt)
{
	if (!opt || !opt->pattern)
		return 0;
	return opt->pattern->catalog_role == CATALOG_ROLE_CONSUMER;
}
/*
 * 1 when the zone's pattern has catalog_role CATALOG_ROLE_PRODUCER, else 0.
 * A NULL opt or a NULL opt->pattern yields 0.
 */
static inline int
zone_is_catalog_producer(struct zone_options *opt)
{
	if (!opt || !opt->pattern)
		return 0;
	return opt->pattern->catalog_role == CATALOG_ROLE_PRODUCER;
}
/* 1 when opt is non-NULL and its is_catalog_member_zone bit is set, else 0. */
static inline int
zone_is_catalog_member(struct zone_options *opt)
{
	if (!opt)
		return 0;
	return opt->is_catalog_member_zone != 0;
}
/*
 * Returns the pattern's catalog_producer_zone string when it is set, which
 * callers can also use as a truth value; NULL when opt, opt->pattern or the
 * string itself is NULL.  Note that is_catalog_member_zone is not consulted.
 */
static inline const char *
zone_is_catalog_producer_member(struct zone_options *opt)
{
	if (!opt || !opt->pattern)
		return NULL;
	if (!opt->pattern->catalog_producer_zone)
		return NULL;
	return opt->pattern->catalog_producer_zone;
}
/*
 * 1 when the zone is a catalog member zone that has no catalog producer
 * zone set in its pattern, else 0.
 */
static inline int
zone_is_catalog_consumer_member(struct zone_options *opt)
{
	if (!zone_is_catalog_member(opt))
		return 0;
	return !zone_is_catalog_producer_member(opt);
}
/*
 * Build the zonefile name.  The result is a static pointer (perhaps into the
 * options data), so copy it if it has to outlive the next call.
 */
const char *config_make_zonefile(struct zone_options *zone, struct nsd *nsd);

#define ZONEC_PCT_TIME  5      /* seconds before pcts start to be printed */
#define ZONEC_PCT_COUNT 100000 /* elements between pct checks */
600 
/* Helpers for parsing. */
/* NOTE(review): ATTR_FORMAT presumably enables printf-style argument
 * checking; msg should always be a literal format string. */
void c_error(const char *msg, ...) ATTR_FORMAT(printf, 1, 2);
int c_wrap(void);
struct acl_options *parse_acl_info(region_type *region, char *ip,
	const char *key);
/* True for an ipv6 address, false for ipv4. */
int parse_acl_is_ipv6(const char *p);
/* Returns the range type; mask receives the 2nd part of the range. */
int parse_acl_range_type(char *ip, char **mask);
/*
 * Parse a subnet mask; a 0 mask is filled in as well.
 * NOTE(review): addr is untyped, so the caller presumably has to supply
 * storage large enough for maxbits bits -- confirm.
 */
void parse_acl_range_subnet(char *p, void *addr, int maxbits);
/* Clean up the options. */
void nsd_options_destroy(struct nsd_options *opt);
/*
 * Replace occurrences of one with two in buf; len is the length of the
 * buffer.
 * NOTE(review): confirm the implementation refuses a replacement that would
 * not fit in len bytes.
 */
void replace_str(char *buf, size_t len, const char *one, const char *two);
/* Apply the named pattern to the existing pattern in the parser. */
void config_apply_pattern(struct pattern_options *dest, const char *name);
/*
 * Print a warning when the file is a directory.  flex just exit()s when a
 * file read fails because the file is a directory; the warning helps the
 * user figure out what happened.
 */
void warn_if_directory(const char *filetype, FILE *f, const char *fname);
/*
 * Resolve the interface names given in the "ip-address:" (or "interface:")
 * and "control-interface:" options into the ip-addresses associated with
 * those names.
 */
void resolve_interface_names(struct nsd_options *options);
626 
/* Tell whether the port number of the sockaddr is one of the listed proxy
 * protocol ports. */
int sockaddr_uses_proxy_protocol_port(struct nsd_options *options,
	struct sockaddr *addr);
630 
631 #endif /* OPTIONS_H */