1 %{ 2 /* 3 * configlexer.lex - lexical analyzer for unbound config file 4 * 5 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved 6 * 7 * See LICENSE for the license. 8 * 9 */ 10 11 /* because flex keeps having sign-unsigned compare problems that are unfixed*/ 12 #if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) 13 #pragma GCC diagnostic ignored "-Wsign-compare" 14 #endif 15 16 #include <ctype.h> 17 #include <strings.h> 18 #ifdef HAVE_GLOB_H 19 # include <glob.h> 20 #endif 21 22 #include "util/config_file.h" 23 #include "util/configparser.h" 24 void ub_c_error(const char *message); 25 26 #if 0 27 #define LEXOUT(s) printf s /* used ONLY when debugging */ 28 #else 29 #define LEXOUT(s) 30 #endif 31 32 /** avoid warning in about fwrite return value */ 33 #define ECHO ub_c_error_msg("syntax error at text: %s", yytext) 34 35 /** A parser variable, this is a statement in the config file which is 36 * of the form variable: value1 value2 ... nargs is the number of values. */ 37 #define YDVAR(nargs, var) \ 38 num_args=(nargs); \ 39 LEXOUT(("v(%s%d) ", yytext, num_args)); \ 40 if(num_args > 0) { BEGIN(val); } \ 41 return (var); 42 43 struct inc_state { 44 char* filename; 45 int line; 46 YY_BUFFER_STATE buffer; 47 struct inc_state* next; 48 int inc_toplevel; 49 }; 50 static struct inc_state* config_include_stack = NULL; 51 static int inc_depth = 0; 52 static int inc_prev = 0; 53 static int num_args = 0; 54 static int inc_toplevel = 0; 55 56 void init_cfg_parse(void) 57 { 58 config_include_stack = NULL; 59 inc_depth = 0; 60 inc_prev = 0; 61 num_args = 0; 62 inc_toplevel = 0; 63 } 64 65 static void config_start_include(const char* filename, int toplevel) 66 { 67 FILE *input; 68 struct inc_state* s; 69 char* nm; 70 if(inc_depth+1 > 100000) { 71 ub_c_error_msg("too many include files"); 72 return; 73 } 74 if(*filename == '\0') { 75 ub_c_error_msg("empty include file name"); 76 return; 77 } 78 s = (struct inc_state*)malloc(sizeof(*s)); 79 if(!s) { 80 ub_c_error_msg("include %s: malloc failure", filename); 81 return; 82 } 83 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, 84 strlen(cfg_parser->chroot)) == 0) { 85 filename += strlen(cfg_parser->chroot); 86 } 87 nm = strdup(filename); 88 if(!nm) { 89 ub_c_error_msg("include %s: strdup failure", filename); 90 free(s); 91 return; 92 } 93 input = fopen(filename, "r"); 94 if(!input) { 95 ub_c_error_msg("cannot open include file '%s': %s", 96 filename, strerror(errno)); 97 free(s); 98 free(nm); 99 return; 100 } 101 LEXOUT(("switch_to_include_file(%s)\n", filename)); 102 inc_depth++; 103 s->filename = cfg_parser->filename; 104 s->line = cfg_parser->line; 105 s->buffer = YY_CURRENT_BUFFER; 106 s->inc_toplevel = inc_toplevel; 107 s->next = config_include_stack; 108 config_include_stack = s; 109 cfg_parser->filename = nm; 110 cfg_parser->line = 1; 111 inc_toplevel = toplevel; 112 yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); 113 } 114 115 static void config_start_include_glob(const char* filename, int toplevel) 116 { 117 118 /* check for wildcards */ 119 #ifdef HAVE_GLOB 120 glob_t g; 121 int i, r, flags; 122 if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && 123 !strchr(filename, '{') && !strchr(filename, '~'))) { 124 flags = 0 125 #ifdef GLOB_ERR 126 | GLOB_ERR 127 #endif 128 /* do not set GLOB_NOSORT so the results are sorted 129 and in a predictable order. */ 130 #ifdef GLOB_BRACE 131 | GLOB_BRACE 132 #endif 133 #ifdef GLOB_TILDE 134 | GLOB_TILDE 135 #endif 136 ; 137 memset(&g, 0, sizeof(g)); 138 if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, 139 strlen(cfg_parser->chroot)) == 0) { 140 filename += strlen(cfg_parser->chroot); 141 } 142 r = glob(filename, flags, NULL, &g); 143 if(r) { 144 /* some error */ 145 globfree(&g); 146 if(r == GLOB_NOMATCH) 147 return; /* no matches for pattern */ 148 config_start_include(filename, toplevel); /* let original deal with it */ 149 return; 150 } 151 /* process files found, if any */ 152 for(i=(int)g.gl_pathc-1; i>=0; i--) { 153 config_start_include(g.gl_pathv[i], toplevel); 154 } 155 globfree(&g); 156 return; 157 } 158 #endif /* HAVE_GLOB */ 159 160 config_start_include(filename, toplevel); 161 } 162 163 static void config_end_include(void) 164 { 165 struct inc_state* s = config_include_stack; 166 --inc_depth; 167 if(!s) return; 168 free(cfg_parser->filename); 169 cfg_parser->filename = s->filename; 170 cfg_parser->line = s->line; 171 yy_delete_buffer(YY_CURRENT_BUFFER); 172 yy_switch_to_buffer(s->buffer); 173 config_include_stack = s->next; 174 inc_toplevel = s->inc_toplevel; 175 free(s); 176 } 177 178 #ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ 179 #define yy_set_bol(at_bol) \ 180 { \ 181 if ( ! yy_current_buffer ) \ 182 yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ 183 yy_current_buffer->yy_ch_buf[0] = ((at_bol)?'\n':' '); \ 184 } 185 #endif 186 187 %} 188 %option noinput 189 %option nounput 190 %{ 191 #ifndef YY_NO_UNPUT 192 #define YY_NO_UNPUT 1 193 #endif 194 #ifndef YY_NO_INPUT 195 #define YY_NO_INPUT 1 196 #endif 197 %} 198 199 SPACE [ \t] 200 LETTER [a-zA-Z] 201 UNQUOTEDLETTER [^\'\"\n\r \t\\]|\\. 202 UNQUOTEDLETTER_NOCOLON [^\:\'\"\n\r \t\\]|\\. 203 NEWLINE [\r\n] 204 COMMENT \# 205 COLON \: 206 DQANY [^\"\n\r\\]|\\. 207 SQANY [^\'\n\r\\]|\\. 208 209 %x quotedstring singlequotedstr include include_quoted val include_toplevel include_toplevel_quoted 210 211 %% 212 <INITIAL,val>{SPACE}* { 213 LEXOUT(("SP ")); /* ignore */ } 214 <INITIAL,val>{SPACE}*{COMMENT}.* { 215 /* note that flex makes the longest match and '.' is any but not nl */ 216 LEXOUT(("comment(%s) ", yytext)); /* ignore */ } 217 server{COLON} { YDVAR(0, VAR_SERVER) } 218 qname-minimisation{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION) } 219 qname-minimisation-strict{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } 220 num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) } 221 verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) } 222 port{COLON} { YDVAR(1, VAR_PORT) } 223 outgoing-range{COLON} { YDVAR(1, VAR_OUTGOING_RANGE) } 224 outgoing-port-permit{COLON} { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } 225 outgoing-port-avoid{COLON} { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } 226 outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } 227 incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } 228 do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } 229 do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } 230 prefer-ip4{COLON} { YDVAR(1, VAR_PREFER_IP4) } 231 prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } 232 do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } 233 do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) } 234 tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } 235 tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) } 236 outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) } 237 tcp-idle-timeout{COLON} { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } 238 edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } 239 edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } 240 ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } 241 tls-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } 242 ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } 243 tls-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } 244 ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } 245 tls-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } 246 ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) } 247 tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) } 248 ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } 249 tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } 250 tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) } 251 additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 252 additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 253 tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 254 tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } 255 tls-session-ticket-keys{COLON} { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } 256 tls-ciphers{COLON} { YDVAR(1, VAR_TLS_CIPHERS) } 257 tls-ciphersuites{COLON} { YDVAR(1, VAR_TLS_CIPHERSUITES) } 258 tls-use-sni{COLON} { YDVAR(1, VAR_TLS_USE_SNI) } 259 https-port{COLON} { YDVAR(1, VAR_HTTPS_PORT) } 260 http-endpoint{COLON} { YDVAR(1, VAR_HTTP_ENDPOINT) } 261 http-max-streams{COLON} { YDVAR(1, VAR_HTTP_MAX_STREAMS) } 262 http-query-buffer-size{COLON} { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } 263 http-response-buffer-size{COLON} { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } 264 http-nodelay{COLON} { YDVAR(1, VAR_HTTP_NODELAY) } 265 http-notls-downstream{COLON} { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } 266 use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } 267 do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } 268 interface{COLON} { YDVAR(1, VAR_INTERFACE) } 269 ip-address{COLON} { YDVAR(1, VAR_INTERFACE) } 270 outgoing-interface{COLON} { YDVAR(1, VAR_OUTGOING_INTERFACE) } 271 interface-automatic{COLON} { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } 272 so-rcvbuf{COLON} { YDVAR(1, VAR_SO_RCVBUF) } 273 so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } 274 so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } 275 ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) } 276 ip-freebind{COLON} { YDVAR(1, VAR_IP_FREEBIND) } 277 ip-dscp{COLON} { YDVAR(1, VAR_IP_DSCP) } 278 chroot{COLON} { YDVAR(1, VAR_CHROOT) } 279 username{COLON} { YDVAR(1, VAR_USERNAME) } 280 directory{COLON} { YDVAR(1, VAR_DIRECTORY) } 281 logfile{COLON} { YDVAR(1, VAR_LOGFILE) } 282 pidfile{COLON} { YDVAR(1, VAR_PIDFILE) } 283 root-hints{COLON} { YDVAR(1, VAR_ROOT_HINTS) } 284 stream-wait-size{COLON} { YDVAR(1, VAR_STREAM_WAIT_SIZE) } 285 edns-buffer-size{COLON} { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } 286 msg-buffer-size{COLON} { YDVAR(1, VAR_MSG_BUFFER_SIZE) } 287 msg-cache-size{COLON} { YDVAR(1, VAR_MSG_CACHE_SIZE) } 288 msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) } 289 rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) } 290 rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) } 291 cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) } 292 cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } 293 cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) } 294 infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) } 295 infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) } 296 infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) } 297 infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } 298 infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } 299 infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } 300 infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) } 301 num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } 302 jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) } 303 delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) } 304 udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) } 305 target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) } 306 harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } 307 harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } 308 harden-glue{COLON} { YDVAR(1, VAR_HARDEN_GLUE) } 309 harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } 310 harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } 311 harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } 312 harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } 313 use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } 314 caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } 315 caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } 316 unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } 317 private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } 318 private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } 319 prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } 320 prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } 321 deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) } 322 stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } 323 name{COLON} { YDVAR(1, VAR_NAME) } 324 stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } 325 stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) } 326 stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) } 327 stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) } 328 stub-no-cache{COLON} { YDVAR(1, VAR_STUB_NO_CACHE) } 329 stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } 330 stub-tls-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } 331 forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) } 332 forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) } 333 forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) } 334 forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) } 335 forward-no-cache{COLON} { YDVAR(1, VAR_FORWARD_NO_CACHE) } 336 forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } 337 forward-tls-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } 338 auth-zone{COLON} { YDVAR(0, VAR_AUTH_ZONE) } 339 rpz{COLON} { YDVAR(0, VAR_RPZ) } 340 tags{COLON} { YDVAR(1, VAR_TAGS) } 341 rpz-action-override{COLON} { YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } 342 rpz-cname-override{COLON} { YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } 343 rpz-log{COLON} { YDVAR(1, VAR_RPZ_LOG) } 344 rpz-log-name{COLON} { YDVAR(1, VAR_RPZ_LOG_NAME) } 345 zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) } 346 master{COLON} { YDVAR(1, VAR_MASTER) } 347 primary{COLON} { YDVAR(1, VAR_MASTER) } 348 url{COLON} { YDVAR(1, VAR_URL) } 349 allow-notify{COLON} { YDVAR(1, VAR_ALLOW_NOTIFY) } 350 for-downstream{COLON} { YDVAR(1, VAR_FOR_DOWNSTREAM) } 351 for-upstream{COLON} { YDVAR(1, VAR_FOR_UPSTREAM) } 352 fallback-enabled{COLON} { YDVAR(1, VAR_FALLBACK_ENABLED) } 353 view{COLON} { YDVAR(0, VAR_VIEW) } 354 view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) } 355 do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } 356 do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } 357 access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } 358 send-client-subnet{COLON} { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } 359 client-subnet-zone{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } 360 client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } 361 client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } 362 max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } 363 max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } 364 min-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } 365 min-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } 366 max-ecs-tree-size-ipv4{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } 367 max-ecs-tree-size-ipv6{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } 368 hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } 369 hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } 370 hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } 371 identity{COLON} { YDVAR(1, VAR_IDENTITY) } 372 version{COLON} { YDVAR(1, VAR_VERSION) } 373 module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } 374 dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) } 375 dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) } 376 trust-anchor-file{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } 377 auto-trust-anchor-file{COLON} { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } 378 trusted-keys-file{COLON} { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } 379 trust-anchor{COLON} { YDVAR(1, VAR_TRUST_ANCHOR) } 380 trust-anchor-signaling{COLON} { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } 381 root-key-sentinel{COLON} { YDVAR(1, VAR_ROOT_KEY_SENTINEL) } 382 val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } 383 val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } 384 val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } 385 val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) } 386 val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } 387 val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } 388 aggressive-nsec{COLON} { YDVAR(1, VAR_AGGRESSIVE_NSEC) } 389 ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } 390 serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) } 391 serve-expired-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL) } 392 serve-expired-ttl-reset{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } 393 serve-expired-reply-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } 394 serve-expired-client-timeout{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } 395 serve-original-ttl{COLON} { YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } 396 fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } 397 fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) } 398 val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } 399 key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } 400 key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } 401 neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } 402 val-nsec3-keysize-iterations{COLON} { 403 YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } 404 add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } 405 del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } 406 keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } 407 permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } 408 use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) } 409 log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) } 410 log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) } 411 log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) } 412 log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) } 413 log-tag-queryreply{COLON} { YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } 414 log-local-actions{COLON} { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } 415 log-servfail{COLON} { YDVAR(1, VAR_LOG_SERVFAIL) } 416 local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) } 417 local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) } 418 local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) } 419 unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } 420 insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) } 421 statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } 422 statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } 423 extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } 424 shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } 425 shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } 426 remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } 427 control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) } 428 control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) } 429 control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) } 430 control-use-cert{COLON} { YDVAR(1, VAR_CONTROL_USE_CERT) } 431 server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) } 432 server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) } 433 control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) } 434 control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) } 435 python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) } 436 python{COLON} { YDVAR(0, VAR_PYTHON) } 437 dynlib-file{COLON} { YDVAR(1, VAR_DYNLIB_FILE) } 438 dynlib{COLON} { YDVAR(0, VAR_DYNLIB) } 439 domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } 440 minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } 441 rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } 442 unknown-server-time-limit{COLON} { YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } 443 max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } 444 dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) } 445 dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) } 446 dns64-ignore-aaaa{COLON} { YDVAR(1, VAR_DNS64_IGNORE_AAAA) } 447 define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) } 448 local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) } 449 access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } 450 access-control-tag-action{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } 451 access-control-tag-data{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } 452 access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } 453 local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } 454 dnstap{COLON} { YDVAR(0, VAR_DNSTAP) } 455 dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) } 456 dnstap-bidirectional{COLON} { YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } 457 dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } 458 dnstap-ip{COLON} { YDVAR(1, VAR_DNSTAP_IP) } 459 dnstap-tls{COLON} { YDVAR(1, VAR_DNSTAP_TLS) } 460 dnstap-tls-server-name{COLON} { YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } 461 dnstap-tls-cert-bundle{COLON} { YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } 462 dnstap-tls-client-key-file{COLON} { 463 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } 464 dnstap-tls-client-cert-file{COLON} { 465 YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } 466 dnstap-send-identity{COLON} { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } 467 dnstap-send-version{COLON} { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } 468 dnstap-identity{COLON} { YDVAR(1, VAR_DNSTAP_IDENTITY) } 469 dnstap-version{COLON} { YDVAR(1, VAR_DNSTAP_VERSION) } 470 dnstap-log-resolver-query-messages{COLON} { 471 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } 472 dnstap-log-resolver-response-messages{COLON} { 473 YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } 474 dnstap-log-client-query-messages{COLON} { 475 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } 476 dnstap-log-client-response-messages{COLON} { 477 YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } 478 dnstap-log-forwarder-query-messages{COLON} { 479 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } 480 dnstap-log-forwarder-response-messages{COLON} { 481 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } 482 disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } 483 ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } 484 ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } 485 ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } 486 ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) } 487 ip-ratelimit-size{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } 488 ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) } 489 ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } 490 ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } 491 ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } 492 ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } 493 low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) } 494 fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) } 495 low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) } 496 low-rtt-permil{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) } 497 fast-server-permil{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) } 498 response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } 499 response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } 500 response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } 501 dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } 502 dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } 503 dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } 504 dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } 505 dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } 506 dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } 507 dnscrypt-provider-cert-rotated{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } 508 dnscrypt-shared-secret-cache-size{COLON} { 509 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } 510 dnscrypt-shared-secret-cache-slabs{COLON} { 511 YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } 512 dnscrypt-nonce-cache-size{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } 513 dnscrypt-nonce-cache-slabs{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } 514 pad-responses{COLON} { YDVAR(1, VAR_PAD_RESPONSES) } 515 pad-responses-block-size{COLON} { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } 516 pad-queries{COLON} { YDVAR(1, VAR_PAD_QUERIES) } 517 pad-queries-block-size{COLON} { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } 518 ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) } 519 ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } 520 ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } 521 ipsecmod-max-ttl{COLON} { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } 522 ipsecmod-whitelist{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } 523 ipsecmod-allow{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } 524 ipsecmod-strict{COLON} { YDVAR(1, VAR_IPSECMOD_STRICT) } 525 cachedb{COLON} { YDVAR(0, VAR_CACHEDB) } 526 backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) } 527 secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) } 528 redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) } 529 redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) } 530 redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } 531 redis-expire-records{COLON} { YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } 532 ipset{COLON} { YDVAR(0, VAR_IPSET) } 533 name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) } 534 name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) } 535 udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } 536 tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } 537 edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } 538 edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } 539 nsid{COLON} { YDVAR(1, VAR_NSID ) } 540 <INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } 541 542 /* Quoted strings. Strip leading and ending quotes */ 543 <val>\" { BEGIN(quotedstring); LEXOUT(("QS ")); } 544 <quotedstring><<EOF>> { 545 yyerror("EOF inside quoted string"); 546 if(--num_args == 0) { BEGIN(INITIAL); } 547 else { BEGIN(val); } 548 } 549 <quotedstring>{DQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } 550 <quotedstring>{NEWLINE} { yyerror("newline inside quoted string, no end \""); 551 cfg_parser->line++; BEGIN(INITIAL); } 552 <quotedstring>\" { 553 LEXOUT(("QE ")); 554 if(--num_args == 0) { BEGIN(INITIAL); } 555 else { BEGIN(val); } 556 yytext[yyleng - 1] = '\0'; 557 yylval.str = strdup(yytext); 558 if(!yylval.str) 559 yyerror("out of memory"); 560 return STRING_ARG; 561 } 562 563 /* Single Quoted strings. Strip leading and ending quotes */ 564 <val>\' { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } 565 <singlequotedstr><<EOF>> { 566 yyerror("EOF inside quoted string"); 567 if(--num_args == 0) { BEGIN(INITIAL); } 568 else { BEGIN(val); } 569 } 570 <singlequotedstr>{SQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } 571 <singlequotedstr>{NEWLINE} { yyerror("newline inside quoted string, no end '"); 572 cfg_parser->line++; BEGIN(INITIAL); } 573 <singlequotedstr>\' { 574 LEXOUT(("SQE ")); 575 if(--num_args == 0) { BEGIN(INITIAL); } 576 else { BEGIN(val); } 577 yytext[yyleng - 1] = '\0'; 578 yylval.str = strdup(yytext); 579 if(!yylval.str) 580 yyerror("out of memory"); 581 return STRING_ARG; 582 } 583 584 /* include: directive */ 585 <INITIAL,val>include{COLON} { 586 LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } 587 <include><<EOF>> { 588 yyerror("EOF inside include directive"); 589 BEGIN(inc_prev); 590 } 591 <include>{SPACE}* { LEXOUT(("ISP ")); /* ignore */ } 592 <include>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;} 593 <include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); } 594 <include>{UNQUOTEDLETTER}* { 595 LEXOUT(("Iunquotedstr(%s) ", yytext)); 596 config_start_include_glob(yytext, 0); 597 BEGIN(inc_prev); 598 } 599 <include_quoted><<EOF>> { 600 yyerror("EOF inside quoted string"); 601 BEGIN(inc_prev); 602 } 603 <include_quoted>{DQANY}* { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } 604 <include_quoted>{NEWLINE} { yyerror("newline before \" in include name"); 605 cfg_parser->line++; BEGIN(inc_prev); } 606 <include_quoted>\" { 607 LEXOUT(("IQE ")); 608 yytext[yyleng - 1] = '\0'; 609 config_start_include_glob(yytext, 0); 610 BEGIN(inc_prev); 611 } 612 <INITIAL,val><<EOF>> { 613 LEXOUT(("LEXEOF ")); 614 yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ 615 if (!config_include_stack) { 616 yyterminate(); 617 } else { 618 int prev_toplevel = inc_toplevel; 619 fclose(yyin); 620 config_end_include(); 621 if(prev_toplevel) return (VAR_FORCE_TOPLEVEL); 622 } 623 } 624 625 /* include-toplevel: directive */ 626 <INITIAL,val>include-toplevel{COLON} { 627 LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); 628 } 629 <include_toplevel><<EOF>> { 630 yyerror("EOF inside include_toplevel directive"); 631 BEGIN(inc_prev); 632 } 633 <include_toplevel>{SPACE}* { LEXOUT(("ITSP ")); /* ignore */ } 634 <include_toplevel>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } 635 <include_toplevel>\" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } 636 <include_toplevel>{UNQUOTEDLETTER}* { 637 LEXOUT(("ITunquotedstr(%s) ", yytext)); 638 config_start_include_glob(yytext, 1); 639 BEGIN(inc_prev); 640 return (VAR_FORCE_TOPLEVEL); 641 } 642 <include_toplevel_quoted><<EOF>> { 643 yyerror("EOF inside quoted string"); 644 BEGIN(inc_prev); 645 } 646 <include_toplevel_quoted>{DQANY}* { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } 647 <include_toplevel_quoted>{NEWLINE} { 648 yyerror("newline before \" in include name"); 649 cfg_parser->line++; BEGIN(inc_prev); 650 } 651 <include_toplevel_quoted>\" { 652 LEXOUT(("ITQE ")); 653 yytext[yyleng - 1] = '\0'; 654 config_start_include_glob(yytext, 1); 655 BEGIN(inc_prev); 656 return (VAR_FORCE_TOPLEVEL); 657 } 658 659 <val>{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); 660 if(--num_args == 0) { BEGIN(INITIAL); } 661 yylval.str = strdup(yytext); return STRING_ARG; } 662 663 {UNQUOTEDLETTER_NOCOLON}* { 664 ub_c_error_msg("unknown keyword '%s'", yytext); 665 } 666 667 <*>. { 668 ub_c_error_msg("stray '%s'", yytext); 669 } 670 671 %% 672