- Add option to send DNSTAP messages over bidirectional frame streams
This commit is contained in:
parent
06d33f61c1
commit
9cebc13150
@ -92,6 +92,34 @@ void* fstrm_create_control_frame_stop(size_t* len)
|
||||
return control;
|
||||
}
|
||||
|
||||
void* fstrm_create_control_frame_ready(char* contenttype, size_t* len)
|
||||
{
|
||||
uint32_t* control;
|
||||
size_t n;
|
||||
/* start bidirectional stream:
|
||||
* 4 bytes 0 escape
|
||||
* 4 bytes bigendian length of frame
|
||||
* 4 bytes bigendian type READY
|
||||
* 4 bytes bigendian frame option content type
|
||||
* 4 bytes bigendian length of string
|
||||
* string of content type.
|
||||
*/
|
||||
/* len includes the escape and framelength */
|
||||
n = 4+4+4+4+4+strlen(contenttype);
|
||||
control = malloc(n);
|
||||
if(!control) {
|
||||
return NULL;
|
||||
}
|
||||
control[0] = 0;
|
||||
control[1] = htonl(4+4+4+strlen(contenttype));
|
||||
control[2] = htonl(FSTRM_CONTROL_FRAME_READY);
|
||||
control[3] = htonl(FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE);
|
||||
control[4] = htonl(strlen(contenttype));
|
||||
memmove(&control[5], contenttype, strlen(contenttype));
|
||||
*len = n;
|
||||
return control;
|
||||
}
|
||||
|
||||
void* fstrm_create_control_frame_accept(char* contenttype, size_t* len)
|
||||
{
|
||||
uint32_t* control;
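Review bot: fstrm_create_control_frame_ready evaluates `strlen(contenttype)` five times and feeds the result to `htonl` and to the 32-bit length fields without a cast; a single `size_t slen = strlen(contenttype);` used for `n`, the two length words and the `memmove` makes the frame layout arithmetic readable and gives one place to write `(uint32_t)slen` explicitly. For the fixed DNSTAP_CONTENT_TYPE caller in dtio.c the truncation is harmless, so this is a point of style rather than a defect. The function is otherwise a copy of the START/ACCEPT builders differing only in the type constant, so a shared `static` helper taking the type would remove the triplication, though that is a matter of taste.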
|
||||
|
@ -127,6 +127,21 @@
|
||||
*/
|
||||
void* fstrm_create_control_frame_start(char* contenttype, size_t* len);
|
||||
|
||||
/**
|
||||
* This creates an FSTRM control frame of type READY.
|
||||
* @param contenttype: a zero delimited string with the content type.
|
||||
* eg. use the constant DNSTAP_CONTENT_TYPE, which is defined as
|
||||
* "protobuf:dnstap.Dnstap", for a dnstap frame stream.
|
||||
* @param len: if a buffer is returned this is the length of that buffer.
|
||||
* @return NULL on malloc failure. Returns a malloced buffer with the
|
||||
* protocol message. The buffer starts with the 4 bytes of 0 that indicate
|
||||
* a control frame. The buffer should be sent without preceding it with
|
||||
* the 'len' variable (like data frames are), but straight the content of the
|
||||
* buffer, because the lengths are included in the buffer. This is so that
|
||||
* the zero control indicator can be included before the control frame length.
|
||||
*/
|
||||
void* fstrm_create_control_frame_ready(char* contenttype, size_t* len);
|
||||
|
||||
/**
|
||||
* This creates an FSTRM control frame of type STOP.
|
||||
* @param len: if a buffer is returned this is the length of that buffer.
|
||||
|
@ -48,6 +48,7 @@
|
||||
#include "util/ub_event.h"
|
||||
#include "util/net_help.h"
|
||||
#include "services/outside_network.h"
|
||||
#include "sldns/sbuffer.h"
|
||||
#ifdef HAVE_SYS_UN_H
|
||||
#include <sys/un.h>
|
||||
#endif
|
||||
@ -85,6 +86,8 @@ static int dtio_add_output_event_write(struct dt_io_thread* dtio);
|
||||
static void dtio_reconnect_enable(struct dt_io_thread* dtio);
|
||||
/** stop from stop_flush event loop */
|
||||
static void dtio_stop_flush_exit(struct stop_flush_info* info);
|
||||
/** setup a start control message */
|
||||
static int dtio_control_start_send(struct dt_io_thread* dtio);
|
||||
#ifdef HAVE_SSL
|
||||
/** enable briefly waiting for a read event, for SSL negotiation */
|
||||
static int dtio_enable_brief_read(struct dt_io_thread* dtio);
|
||||
@ -261,6 +264,7 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
|
||||
} else {
|
||||
dtio->upstream_is_unix = 1;
|
||||
}
|
||||
dtio->is_bidirectional = cfg->dnstap_bidirectional;
|
||||
|
||||
if(dtio->upstream_is_unix) {
|
||||
if(!cfg->dnstap_socket_path ||
|
||||
@ -551,6 +555,20 @@ static void dtio_cur_msg_free(struct dt_io_thread* dtio)
|
||||
dtio->cur_msg_len_done = 0;
|
||||
}
|
||||
|
||||
/** delete the buffer and counters used to read frame */
|
||||
static void dtio_read_frame_free(struct dt_frame_read_buf* rb)
|
||||
{
|
||||
if(rb->buf) {
|
||||
free(rb->buf);
|
||||
rb->buf = NULL;
|
||||
}
|
||||
rb->buf_count = 0;
|
||||
rb->buf_cap = 0;
|
||||
rb->frame_len = 0;
|
||||
rb->frame_len_done = 0;
|
||||
rb->control_frame = 0;
|
||||
}
|
||||
|
||||
/** del the output file descriptor event for listening */
|
||||
static void dtio_del_output_event(struct dt_io_thread* dtio)
|
||||
{
|
||||
@ -594,6 +612,11 @@ static void dtio_close_output(struct dt_io_thread* dtio)
|
||||
if(dtio->cur_msg) {
|
||||
dtio_cur_msg_free(dtio);
|
||||
}
|
||||
|
||||
dtio->ready_frame_sent = 0;
|
||||
dtio->accept_frame_received = 0;
|
||||
dtio_read_frame_free(&dtio->read_frame);
|
||||
|
||||
dtio_reconnect_enable(dtio);
|
||||
}
|
||||
|
||||
@ -855,6 +878,94 @@ static int dtio_write_more(struct dt_io_thread* dtio)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** Receive bytes from dtio->fd, store in buffer. Returns 0: closed,
|
||||
* -1: continue, >0: number of bytes read into buffer */
|
||||
static ssize_t receive_bytes(struct dt_io_thread* dtio, void* buf, size_t len) {
|
||||
ssize_t r;
|
||||
r = recv(dtio->fd, (void*)buf, len, 0);
|
||||
if(r == -1) {
|
||||
char* to = dtio->socket_path;
|
||||
if(!to) to = dtio->ip_str;
|
||||
if(!to) to = "";
|
||||
#ifndef USE_WINSOCK
|
||||
if(errno == EINTR || errno == EAGAIN)
|
||||
return -1; /* try later */
|
||||
#else
|
||||
if(WSAGetLastError() == WSAEINPROGRESS) {
|
||||
return -1; /* try later */
|
||||
} else if(WSAGetLastError() == WSAEWOULDBLOCK) {
|
||||
ub_winsock_tcp_wouldblock(
|
||||
(dtio->stop_flush_event?
|
||||
dtio->stop_flush_event:dtio->event),
|
||||
UB_EV_READ);
|
||||
return -1; /* try later */
|
||||
}
|
||||
#endif
|
||||
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
|
||||
verbosity < 4)
|
||||
return 0; /* no log retries on low verbosity */
|
||||
log_err("dnstap io: output closed, recv %s: %s", to,
|
||||
strerror(errno));
|
||||
/* and close below */
|
||||
return 0;
|
||||
}
|
||||
if(r == 0) {
|
||||
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
|
||||
verbosity < 4)
|
||||
return 0; /* no log retries on low verbosity */
|
||||
verbose(VERB_DETAIL, "dnstap io: output closed by the other side");
|
||||
/* and close below */
|
||||
return 0;
|
||||
}
|
||||
/* something was received */
|
||||
return r;
|
||||
}
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
/** Receive bytes over TLS from dtio->fd, store in buffer. Returns 0: closed,
|
||||
* -1: continue, >0: number of bytes read into buffer */
|
||||
static int ssl_read_bytes(struct dt_io_thread* dtio, void* buf, size_t len)
|
||||
{
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
r = SSL_read(dtio->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(dtio->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
|
||||
verbosity < 4)
|
||||
return 0; /* no log retries on low verbosity */
|
||||
verbose(VERB_DETAIL, "dnstap io: output closed by the "
|
||||
"other side");
|
||||
return 0;
|
||||
} else if(want == SSL_ERROR_WANT_READ) {
|
||||
/* continue later */
|
||||
return -1;
|
||||
} else if(want == SSL_ERROR_WANT_WRITE) {
|
||||
(void)dtio_add_output_event_write(dtio);
|
||||
return -1;
|
||||
} else if(want == SSL_ERROR_SYSCALL) {
|
||||
#ifdef ECONNRESET
|
||||
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
|
||||
errno == ECONNRESET && verbosity < 4)
|
||||
return 0; /* silence reset by peer */
|
||||
#endif
|
||||
if(errno != 0)
|
||||
log_err("SSL_read syscall: %s",
|
||||
strerror(errno));
|
||||
verbose(VERB_DETAIL, "dnstap io: output closed by the "
|
||||
"other side");
|
||||
return 0;
|
||||
}
|
||||
log_crypto_err("could not SSL_read");
|
||||
verbose(VERB_DETAIL, "dnstap io: output closed by the "
|
||||
"other side");
|
||||
return 0;
|
||||
}
|
||||
return r;
|
||||
}
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
/** check if the output fd has been closed,
|
||||
* it returns false if the stream is closed. */
|
||||
static int dtio_check_close(struct dt_io_thread* dtio)
|
||||
@ -864,44 +975,17 @@ static int dtio_check_close(struct dt_io_thread* dtio)
|
||||
* packets is okay for the framestream protocol. And also, the
|
||||
* read call can return that the stream has been closed by the
|
||||
* other side. */
|
||||
ssize_t r;
|
||||
uint8_t buf[1024];
|
||||
int r = -1;
|
||||
|
||||
|
||||
if(dtio->fd == -1) return 0;
|
||||
while(1) {
|
||||
r = recv(dtio->fd, (void*)buf, sizeof(buf), 0);
|
||||
if(r == -1) {
|
||||
char* to = dtio->socket_path;
|
||||
if(!to) to = dtio->ip_str;
|
||||
if(!to) to = "";
|
||||
#ifndef USE_WINSOCK
|
||||
if(errno == EINTR || errno == EAGAIN)
|
||||
return 1; /* try later */
|
||||
#else
|
||||
if(WSAGetLastError() == WSAEINPROGRESS) {
|
||||
return 1; /* try later */
|
||||
} else if(WSAGetLastError() == WSAEWOULDBLOCK) {
|
||||
ub_winsock_tcp_wouldblock(
|
||||
(dtio->stop_flush_event?
|
||||
dtio->stop_flush_event:dtio->event),
|
||||
UB_EV_READ);
|
||||
return 1; /* try later */
|
||||
}
|
||||
#endif
|
||||
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && verbosity < 4)
|
||||
break; /* no log retries on low verbosity */
|
||||
log_err("dnstap io: output closed, recv %s: %s", to,
|
||||
strerror(errno));
|
||||
/* and close below */
|
||||
break;
|
||||
}
|
||||
if(r == 0) {
|
||||
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && verbosity < 4)
|
||||
break; /* no log retries on low verbosity */
|
||||
verbose(VERB_DETAIL, "dnstap io: output closed by the other side");
|
||||
/* and close below */
|
||||
break;
|
||||
}
|
||||
/* something was received, ignore it */
|
||||
|
||||
while(r != 0) {
|
||||
/* not interested in buffer content, overwrite */
|
||||
r = receive_bytes(dtio, (void*)buf, sizeof(buf));
|
||||
if(r == -1)
|
||||
return 1;
|
||||
}
|
||||
/* the other end has been closed */
|
||||
/* close the channel */
|
||||
@ -910,6 +994,118 @@ static int dtio_check_close(struct dt_io_thread* dtio)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Read accept frame. Returns -1: continue reading, 0: closed,
|
||||
* 1: valid accept received. */
|
||||
static int dtio_read_accept_frame(struct dt_io_thread* dtio)
|
||||
{
|
||||
int r;
|
||||
while(dtio->read_frame.frame_len_done < 4) {
|
||||
#ifdef HAVE_SSL
|
||||
if(dtio->ssl) {
|
||||
r = ssl_read_bytes(dtio,
|
||||
(uint8_t*)&dtio->read_frame.frame_len+
|
||||
dtio->read_frame.frame_len_done,
|
||||
4-dtio->read_frame.frame_len_done);
|
||||
} else {
|
||||
#endif
|
||||
r = receive_bytes(dtio,
|
||||
(uint8_t*)&dtio->read_frame.frame_len+
|
||||
dtio->read_frame.frame_len_done,
|
||||
4-dtio->read_frame.frame_len_done);
|
||||
#ifdef HAVE_SSL
|
||||
}
|
||||
#endif
|
||||
if(r == -1)
|
||||
return -1; /* continue reading */
|
||||
if(r == 0) {
|
||||
/* connection closed */
|
||||
goto close_connection;
|
||||
}
|
||||
dtio->read_frame.frame_len_done += r;
|
||||
if(dtio->read_frame.frame_len_done < 4)
|
||||
return -1; /* continue reading */
|
||||
|
||||
if(dtio->read_frame.frame_len == 0) {
|
||||
dtio->read_frame.frame_len_done = 0;
|
||||
dtio->read_frame.control_frame = 1;
|
||||
continue;
|
||||
}
|
||||
dtio->read_frame.frame_len = ntohl(dtio->read_frame.frame_len);
|
||||
dtio->read_frame.buf = calloc(1, dtio->read_frame.frame_len);
|
||||
dtio->read_frame.buf_cap = dtio->read_frame.frame_len;
|
||||
if(!dtio->read_frame.buf) {
|
||||
log_err("dnstap io: out of memory (creating read "
|
||||
"buffer)");
|
||||
goto close_connection;
|
||||
}
|
||||
}
|
||||
if(dtio->read_frame.buf_count < dtio->read_frame.frame_len) {
|
||||
#ifdef HAVE_SSL
|
||||
if(dtio->ssl) {
|
||||
r = ssl_read_bytes(dtio, dtio->read_frame.buf+
|
||||
dtio->read_frame.buf_count,
|
||||
dtio->read_frame.buf_cap-
|
||||
dtio->read_frame.buf_count);
|
||||
} else {
|
||||
#endif
|
||||
r = receive_bytes(dtio, dtio->read_frame.buf+
|
||||
dtio->read_frame.buf_count,
|
||||
dtio->read_frame.buf_cap-
|
||||
dtio->read_frame.buf_count);
|
||||
#ifdef HAVE_SSL
|
||||
}
|
||||
#endif
|
||||
if(r == -1)
|
||||
return -1; /* continue reading */
|
||||
if(r == 0) {
|
||||
/* connection closed */
|
||||
goto close_connection;
|
||||
}
|
||||
dtio->read_frame.buf_count += r;
|
||||
if(dtio->read_frame.buf_count < dtio->read_frame.frame_len)
|
||||
return -1; /* continue reading */
|
||||
}
|
||||
|
||||
/* Complete frame received, check if this is a valid ACCEPT control
|
||||
* frame. */
|
||||
if(dtio->read_frame.frame_len < 4) {
|
||||
verbose(VERB_OPS, "dnstap: invalid data received");
|
||||
goto close_connection;
|
||||
}
|
||||
if(sldns_read_uint32(dtio->read_frame.buf) !=
|
||||
FSTRM_CONTROL_FRAME_ACCEPT) {
|
||||
verbose(VERB_ALGO, "dnstap: invalid control type received, "
|
||||
"ignored");
|
||||
dtio->ready_frame_sent = 0;
|
||||
dtio->accept_frame_received = 0;
|
||||
dtio_read_frame_free(&dtio->read_frame);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(dtio->read_frame.frame_len != 4+4+4+strlen(DNSTAP_CONTENT_TYPE) ||
|
||||
memcmp(dtio->read_frame.buf+4+4+4, DNSTAP_CONTENT_TYPE,
|
||||
strlen(DNSTAP_CONTENT_TYPE)) != 0) {
|
||||
verbose(VERB_OPS, "dnstap: invalid content type on ACCEPT "
|
||||
"frame");
|
||||
goto close_connection;
|
||||
}
|
||||
|
||||
if(!dtio_control_start_send(dtio)) {
|
||||
verbose(VERB_OPS, "dnstap io: out of memory while sending "
|
||||
"START frame");
|
||||
goto close_connection;
|
||||
}
|
||||
|
||||
dtio->accept_frame_received = 1;
|
||||
return 1;
|
||||
|
||||
close_connection:
|
||||
dtio_del_output_event(dtio);
|
||||
dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW);
|
||||
dtio_close_output(dtio);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** add the output file descriptor event for listening, read only */
|
||||
static int dtio_add_output_event_read(struct dt_io_thread* dtio)
|
||||
{
|
||||
@ -1176,7 +1372,10 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg)
|
||||
#endif
|
||||
|
||||
if((bits&UB_EV_READ)) {
|
||||
if(!dtio_check_close(dtio))
|
||||
if(dtio->ready_frame_sent && !dtio->accept_frame_received) {
|
||||
if(dtio_read_accept_frame(dtio) <= 0)
|
||||
return;
|
||||
} else if(!dtio_check_close(dtio))
|
||||
return;
|
||||
}
|
||||
|
||||
@ -1208,6 +1407,15 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg)
|
||||
|
||||
/* done with the current message */
|
||||
dtio_cur_msg_free(dtio);
|
||||
|
||||
/* If this is a bidirectional stream the first message will be
|
||||
* the READY control frame. We can only continue writing after
|
||||
* receiving an ACCEPT control frame. */
|
||||
if(dtio->is_bidirectional && !dtio->ready_frame_sent) {
|
||||
dtio->ready_frame_sent = 1;
|
||||
(void)dtio_add_output_event_read(dtio);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -1240,6 +1448,13 @@ void dtio_cmd_cb(int fd, short ATTR_UNUSED(bits), void* arg)
|
||||
verbose(VERB_ALGO, "dnstap io: cmd channel cmd quit");
|
||||
} else if(r == 1 && cmd == DTIO_COMMAND_WAKEUP) {
|
||||
verbose(VERB_ALGO, "dnstap io: cmd channel cmd wakeup");
|
||||
|
||||
if(dtio->is_bidirectional && !dtio->accept_frame_received) {
|
||||
verbose(VERB_ALGO, "dnstap io: cmd wakeup ignored, "
|
||||
"waiting for ACCEPT control frame");
|
||||
return;
|
||||
}
|
||||
|
||||
/* reregister event */
|
||||
if(!dtio_add_output_event_write(dtio))
|
||||
return;
|
||||
@ -1561,6 +1776,25 @@ static int dtio_control_start_send(struct dt_io_thread* dtio)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** setup a ready control message */
|
||||
static int dtio_control_ready_send(struct dt_io_thread* dtio)
|
||||
{
|
||||
log_assert(dtio->cur_msg == NULL && dtio->cur_msg_len == 0);
|
||||
dtio->cur_msg = fstrm_create_control_frame_ready(DNSTAP_CONTENT_TYPE,
|
||||
&dtio->cur_msg_len);
|
||||
if(!dtio->cur_msg) {
|
||||
return 0;
|
||||
}
|
||||
/* setup to send the control message */
|
||||
/* set that the buffer needs to be sent, but the length
|
||||
* of that buffer is already written, that way the buffer can
|
||||
* start with 0 length and then the length of the control frame
|
||||
* in it */
|
||||
dtio->cur_msg_done = 0;
|
||||
dtio->cur_msg_len_done = 4;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** open the output file descriptor for af_local */
|
||||
static int dtio_open_output_local(struct dt_io_thread* dtio)
|
||||
{
|
||||
@ -1693,7 +1927,8 @@ static void dtio_open_output(struct dt_io_thread* dtio)
|
||||
}
|
||||
dtio->check_nb_connect = 1;
|
||||
|
||||
/* the EV_READ is to catch channel close, write to write packets */
|
||||
/* the EV_READ is to read ACCEPT control messages, and catch channel
|
||||
* close. EV_WRITE is to write packets */
|
||||
ev = ub_event_new(dtio->event_base, dtio->fd,
|
||||
UB_EV_READ | UB_EV_WRITE | UB_EV_PERSIST, &dtio_output_cb,
|
||||
dtio);
|
||||
@ -1712,7 +1947,8 @@ static void dtio_open_output(struct dt_io_thread* dtio)
|
||||
dtio->event = ev;
|
||||
|
||||
/* setup protocol control message to start */
|
||||
if(!dtio_control_start_send(dtio)) {
|
||||
if((!dtio->is_bidirectional && !dtio_control_start_send(dtio)) ||
|
||||
(dtio->is_bidirectional && !dtio_control_ready_send(dtio)) ) {
|
||||
log_err("dnstap io: out of memory");
|
||||
ub_event_free(dtio->event);
|
||||
dtio->event = NULL;
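Review bot: In the dtio_read_accept_frame hunk the frame length received from the peer is passed straight to `calloc(1, dtio->read_frame.frame_len)` immediately after the `ntohl` conversion, so a dnstap collector (or anything answering on that socket) can make the io thread allocate up to 4 GiB and then feed it slowly, because the length check `frame_len != 4+4+4+strlen(DNSTAP_CONTENT_TYPE)` only runs once the whole frame has been read. Since that later check rejects every other length anyway, bound it before allocating: `if(dtio->read_frame.frame_len > 4+4+4+strlen(DNSTAP_CONTENT_TYPE)) {` `verbose(VERB_OPS, "dnstap: ACCEPT frame too large"); goto close_connection; }`. Separately, the "invalid control type received, ignored" path clears `ready_frame_sent` and returns -1, but I do not see what queues a new READY frame afterwards, and with `accept_frame_received` still 0 the wakeup in dtio_cmd_cb is dropped, so that path may leave the writer stalled rather than retrying; if that is intended, a comment there saying so would help. This file section spans several hunks; the point applies to the accept-frame reader.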
|
||||
|
@ -88,6 +88,27 @@ struct dt_msg_entry {
|
||||
size_t len;
|
||||
};
|
||||
|
||||
/**
|
||||
* Containing buffer and counter for reading DNSTAP frames.
|
||||
*/
|
||||
struct dt_frame_read_buf {
|
||||
/** Buffer containing frame, except length counter(s). */
|
||||
void* buf;
|
||||
/** Number of bytes written to buffer. */
|
||||
size_t buf_count;
|
||||
/** Capacity of the buffer. */
|
||||
size_t buf_cap;
|
||||
|
||||
/** Frame length field. Will contain the 2nd length field for control
|
||||
* frames. */
|
||||
uint32_t frame_len;
|
||||
/** Number of bytes that have been written to the frame_length field. */
|
||||
size_t frame_len_done;
|
||||
|
||||
/** Set to 1 if this is a control frame, 0 otherwise (ie data frame). */
|
||||
int control_frame;
|
||||
};
|
||||
|
||||
/**
|
||||
* IO thread that reads from the queues and writes them.
|
||||
*/
|
||||
@ -171,6 +192,16 @@ struct dt_io_thread {
|
||||
* and client certificates can be used for authentication. */
|
||||
int upstream_is_tls;
|
||||
|
||||
/** Perform bidirectional Frame Streams handshake before sending
|
||||
* messages. */
|
||||
int is_bidirectional;
|
||||
/** Set if the READY control frame has been sent. */
|
||||
int ready_frame_sent;
|
||||
/** Set if valid ACCEPT frame is received. */
|
||||
int accept_frame_received;
|
||||
/** (partially) read frame */
|
||||
struct dt_frame_read_buf read_frame;
|
||||
|
||||
/** the file path for unix socket (or NULL) */
|
||||
char* socket_path;
|
||||
/** the ip address and port number (or NULL) */
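Review bot: The doc comment on `frame_len` should say which byte order it holds: the four bytes are received directly into it with `frame_len_done` counting them, and dtio.c converts it in place with ntohl only once all four have arrived, so between reads it is network-order and not a usable length. Suggest `/** Frame length field, received raw (network order) and converted in place once frame_len_done reaches 4. Holds the 2nd length field for control frames. */`. Likewise `buf_count`'s comment "Number of bytes written to buffer" reads as if this side writes to the peer; "received into the buffer" would be clearer.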
|
||||
|
@ -770,10 +770,11 @@ void tap_data_free(struct tap_data* data)
|
||||
|
||||
/** reply with ACCEPT control frame to bidirectional client,
|
||||
* returns 0 on error */
|
||||
static int reply_with_accept(int fd)
|
||||
static int reply_with_accept(struct tap_data* data)
|
||||
{
|
||||
#ifdef USE_DNSTAP
|
||||
/* len includes the escape and framelength */
|
||||
int r;
|
||||
size_t len = 0;
|
||||
void* acceptframe = fstrm_create_control_frame_accept(
|
||||
DNSTAP_CONTENT_TYPE, &len);
|
||||
@ -782,21 +783,34 @@ static int reply_with_accept(int fd)
|
||||
return 0;
|
||||
}
|
||||
|
||||
fd_set_block(fd);
|
||||
if(send(fd, acceptframe, len, 0) == -1) {
|
||||
fd_set_block(data->fd);
|
||||
if(data->ssl) {
|
||||
if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) {
|
||||
if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN)
|
||||
log_err("SSL_write, peer closed connection");
|
||||
else
|
||||
log_err("could not SSL_write");
|
||||
fd_set_nonblock(data->fd);
|
||||
free(acceptframe);
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
if(send(data->fd, acceptframe, len, 0) == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
log_err("send failed: %s", strerror(errno));
|
||||
log_err("send failed: %s", strerror(errno));
|
||||
#else
|
||||
log_err("send failed: %s", wsa_strerror(WSAGetLastError()));
|
||||
log_err("send failed: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
#endif
|
||||
fd_set_nonblock(fd);
|
||||
free(acceptframe);
|
||||
return 0;
|
||||
fd_set_nonblock(data->fd);
|
||||
free(acceptframe);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if(verbosity) log_info("sent control frame(accept) content-type:(%s)",
|
||||
DNSTAP_CONTENT_TYPE);
|
||||
|
||||
fd_set_nonblock(fd);
|
||||
fd_set_nonblock(data->fd);
|
||||
free(acceptframe);
|
||||
return 1;
|
||||
#else
|
||||
@ -1033,7 +1047,7 @@ void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg)
|
||||
FSTRM_CONTROL_FRAME_READY) {
|
||||
data->is_bidirectional = 1;
|
||||
if(verbosity) log_info("bidirectional stream");
|
||||
if(!reply_with_accept(fd)) {
|
||||
if(!reply_with_accept(data)) {
|
||||
tap_data_free(data);
|
||||
}
|
||||
} else if(data->len >= 4 && sldns_read_uint32(data->frame) ==
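Review bot: In the reply_with_accept hunk the three error exits each repeat `fd_set_nonblock(data->fd); free(acceptframe); return 0;` and the success exit repeats the first two; a single cleanup label reached by `goto` would keep the fd-mode restore and the free in one place, which matters because any future exit that forgets `fd_set_nonblock` leaves the accepted socket blocking for the rest of the event loop. On the TLS branch `ERR_clear_error()` is not called before `SSL_write`, so `SSL_get_error` may report a stale entry from the error queue; the reader side added in dtio.c in this commit clears it first. reply_with_accept's opening `#ifdef USE_DNSTAP` is in the previous hunk and its `#else`/`#endif` tail is past the end of its hunk.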
|
||||
|
@ -1046,6 +1046,8 @@ remote-control:
|
||||
# upstream log destination, by socket path, TCP or TLS destination.
|
||||
# dnstap:
|
||||
# dnstap-enable: no
|
||||
# # if set to yes frame streams will be used in bidirectional mode
|
||||
# dnstap-bidirectional: yes
|
||||
# dnstap-socket-path: "@DNSTAP_SOCKET_PATH@"
|
||||
# # if "" use the unix socket in dnstap-socket-path, otherwise,
|
||||
# # set it to "IPaddress[@port]" of the destination.
|
||||
|
@ -2183,6 +2183,10 @@ If dnstap is enabled. Default no. If yes, it connects to the dnstap server
|
||||
and if any of the dnstap-log-..-messages options is enabled it sends logs
|
||||
for those messages to the server.
|
||||
.TP
|
||||
.B dnstap-bidirectional: \fI<yes or no>
|
||||
Use frame streams in bidirectional mode to transfer DNSTAP messages. Default is
|
||||
yes.
|
||||
.TP
|
||||
.B dnstap-socket-path: \fI<file name>
|
||||
Sets the unix socket file name for connecting to the server that is
|
||||
listening on that socket. Default is "@DNSTAP_SOCKET_PATH@".
|
||||
|
@ -298,6 +298,7 @@ config_create(void)
|
||||
if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH)))
|
||||
goto error_exit;
|
||||
#endif
|
||||
cfg->dnstap_bidirectional = 1;
|
||||
cfg->dnstap_tls = 1;
|
||||
cfg->disable_dnssec_lame_check = 0;
|
||||
cfg->ip_ratelimit = 0;
|
||||
@ -639,6 +640,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
#endif
|
||||
#ifdef USE_DNSTAP
|
||||
else S_YNO("dnstap-enable:", dnstap)
|
||||
else S_YNO("dnstap-bidirectional:", dnstap_bidirectional)
|
||||
else S_STR("dnstap-socket-path:", dnstap_socket_path)
|
||||
else S_STR("dnstap-ip:", dnstap_ip)
|
||||
else S_YNO("dnstap-tls:", dnstap_tls)
|
||||
@ -1055,6 +1057,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
#endif
|
||||
#ifdef USE_DNSTAP
|
||||
else O_YNO(opt, "dnstap-enable", dnstap)
|
||||
else O_YNO(opt, "dnstap-bidirectional", dnstap_bidirectional)
|
||||
else O_STR(opt, "dnstap-socket-path", dnstap_socket_path)
|
||||
else O_STR(opt, "dnstap-ip", dnstap_ip)
|
||||
else O_YNO(opt, "dnstap-tls", dnstap_tls)
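Review bot: Defaulting `cfg->dnstap_bidirectional = 1` changes behaviour for existing dnstap deployments on upgrade: with the dtio.c changes in this commit the writer sends READY first and drops wakeups until an ACCEPT arrives ("cmd wakeup ignored, waiting for ACCEPT control frame"), and I see no timeout on that wait in the hunks shown, so a collector that only speaks the unidirectional protocol would leave dnstap logging silently stalled rather than failing loudly. Either ship `cfg->dnstap_bidirectional = 0;` as the default for this release, or state in the `dnstap-bidirectional` man page entry that the collector must support bidirectional frame streams and what happens when it does not.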
|
||||
|
@ -481,6 +481,8 @@ struct config_file {
|
||||
|
||||
/** true to enable dnstap support */
|
||||
int dnstap;
|
||||
/** using bidirectional frame streams if true */
|
||||
int dnstap_bidirectional;
|
||||
/** dnstap socket path */
|
||||
char* dnstap_socket_path;
|
||||
/** dnstap IP */
|
||||
|
3857
util/configlexer.c
3857
util/configlexer.c
@ -434,6 +434,7 @@ access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) }
|
||||
local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) }
|
||||
dnstap{COLON} { YDVAR(0, VAR_DNSTAP) }
|
||||
dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) }
|
||||
dnstap-bidirectional{COLON} { YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) }
|
||||
dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) }
|
||||
dnstap-ip{COLON} { YDVAR(1, VAR_DNSTAP_IP) }
|
||||
dnstap-tls{COLON} { YDVAR(1, VAR_DNSTAP_TLS) }
|
||||
|
2979
util/configparser.c
2979
util/configparser.c
@ -1,8 +1,8 @@
|
||||
/* A Bison parser, made by GNU Bison 3.4.1. */
|
||||
/* A Bison parser, made by GNU Bison 3.5.1. */
|
||||
|
||||
/* Bison interface for Yacc-like parsers in C
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation,
|
||||
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation,
|
||||
Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
@ -209,133 +209,134 @@ extern int yydebug;
|
||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 415,
|
||||
VAR_DNSTAP_SEND_IDENTITY = 416,
|
||||
VAR_DNSTAP_SEND_VERSION = 417,
|
||||
VAR_DNSTAP_IDENTITY = 418,
|
||||
VAR_DNSTAP_VERSION = 419,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 420,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 421,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 422,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 423,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 424,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 425,
|
||||
VAR_RESPONSE_IP_TAG = 426,
|
||||
VAR_RESPONSE_IP = 427,
|
||||
VAR_RESPONSE_IP_DATA = 428,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 429,
|
||||
VAR_IP_TRANSPARENT = 430,
|
||||
VAR_IP_DSCP = 431,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 432,
|
||||
VAR_IP_RATELIMIT = 433,
|
||||
VAR_IP_RATELIMIT_SLABS = 434,
|
||||
VAR_IP_RATELIMIT_SIZE = 435,
|
||||
VAR_RATELIMIT = 436,
|
||||
VAR_RATELIMIT_SLABS = 437,
|
||||
VAR_RATELIMIT_SIZE = 438,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 439,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 440,
|
||||
VAR_IP_RATELIMIT_FACTOR = 441,
|
||||
VAR_RATELIMIT_FACTOR = 442,
|
||||
VAR_SEND_CLIENT_SUBNET = 443,
|
||||
VAR_CLIENT_SUBNET_ZONE = 444,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 445,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 446,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 447,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 448,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 449,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 450,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 451,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 452,
|
||||
VAR_CAPS_WHITELIST = 453,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 454,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 455,
|
||||
VAR_QNAME_MINIMISATION = 456,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 457,
|
||||
VAR_IP_FREEBIND = 458,
|
||||
VAR_DEFINE_TAG = 459,
|
||||
VAR_LOCAL_ZONE_TAG = 460,
|
||||
VAR_ACCESS_CONTROL_TAG = 461,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 462,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 463,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 464,
|
||||
VAR_VIEW = 465,
|
||||
VAR_ACCESS_CONTROL_VIEW = 466,
|
||||
VAR_VIEW_FIRST = 467,
|
||||
VAR_SERVE_EXPIRED = 468,
|
||||
VAR_SERVE_EXPIRED_TTL = 469,
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 470,
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 471,
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 472,
|
||||
VAR_FAKE_DSA = 473,
|
||||
VAR_FAKE_SHA1 = 474,
|
||||
VAR_LOG_IDENTITY = 475,
|
||||
VAR_HIDE_TRUSTANCHOR = 476,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 477,
|
||||
VAR_AGGRESSIVE_NSEC = 478,
|
||||
VAR_USE_SYSTEMD = 479,
|
||||
VAR_SHM_ENABLE = 480,
|
||||
VAR_SHM_KEY = 481,
|
||||
VAR_ROOT_KEY_SENTINEL = 482,
|
||||
VAR_DNSCRYPT = 483,
|
||||
VAR_DNSCRYPT_ENABLE = 484,
|
||||
VAR_DNSCRYPT_PORT = 485,
|
||||
VAR_DNSCRYPT_PROVIDER = 486,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 487,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 488,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 489,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 490,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 491,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 492,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 493,
|
||||
VAR_IPSECMOD_ENABLED = 494,
|
||||
VAR_IPSECMOD_HOOK = 495,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 496,
|
||||
VAR_IPSECMOD_MAX_TTL = 497,
|
||||
VAR_IPSECMOD_WHITELIST = 498,
|
||||
VAR_IPSECMOD_STRICT = 499,
|
||||
VAR_CACHEDB = 500,
|
||||
VAR_CACHEDB_BACKEND = 501,
|
||||
VAR_CACHEDB_SECRETSEED = 502,
|
||||
VAR_CACHEDB_REDISHOST = 503,
|
||||
VAR_CACHEDB_REDISPORT = 504,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 505,
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 506,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 507,
|
||||
VAR_FOR_UPSTREAM = 508,
|
||||
VAR_AUTH_ZONE = 509,
|
||||
VAR_ZONEFILE = 510,
|
||||
VAR_MASTER = 511,
|
||||
VAR_URL = 512,
|
||||
VAR_FOR_DOWNSTREAM = 513,
|
||||
VAR_FALLBACK_ENABLED = 514,
|
||||
VAR_TLS_ADDITIONAL_PORT = 515,
|
||||
VAR_LOW_RTT = 516,
|
||||
VAR_LOW_RTT_PERMIL = 517,
|
||||
VAR_FAST_SERVER_PERMIL = 518,
|
||||
VAR_FAST_SERVER_NUM = 519,
|
||||
VAR_ALLOW_NOTIFY = 520,
|
||||
VAR_TLS_WIN_CERT = 521,
|
||||
VAR_TCP_CONNECTION_LIMIT = 522,
|
||||
VAR_FORWARD_NO_CACHE = 523,
|
||||
VAR_STUB_NO_CACHE = 524,
|
||||
VAR_LOG_SERVFAIL = 525,
|
||||
VAR_DENY_ANY = 526,
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 527,
|
||||
VAR_LOG_TAG_QUERYREPLY = 528,
|
||||
VAR_STREAM_WAIT_SIZE = 529,
|
||||
VAR_TLS_CIPHERS = 530,
|
||||
VAR_TLS_CIPHERSUITES = 531,
|
||||
VAR_TLS_USE_SNI = 532,
|
||||
VAR_IPSET = 533,
|
||||
VAR_IPSET_NAME_V4 = 534,
|
||||
VAR_IPSET_NAME_V6 = 535,
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 536,
|
||||
VAR_RPZ = 537,
|
||||
VAR_TAGS = 538,
|
||||
VAR_RPZ_ACTION_OVERRIDE = 539,
|
||||
VAR_RPZ_CNAME_OVERRIDE = 540,
|
||||
VAR_RPZ_LOG = 541,
|
||||
VAR_RPZ_LOG_NAME = 542,
|
||||
VAR_DYNLIB = 543,
|
||||
VAR_DYNLIB_FILE = 544
|
||||
VAR_DNSTAP_BIDIRECTIONAL = 418,
|
||||
VAR_DNSTAP_IDENTITY = 419,
|
||||
VAR_DNSTAP_VERSION = 420,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 421,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 422,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 423,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 424,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 425,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 426,
|
||||
VAR_RESPONSE_IP_TAG = 427,
|
||||
VAR_RESPONSE_IP = 428,
|
||||
VAR_RESPONSE_IP_DATA = 429,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 430,
|
||||
VAR_IP_TRANSPARENT = 431,
|
||||
VAR_IP_DSCP = 432,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 433,
|
||||
VAR_IP_RATELIMIT = 434,
|
||||
VAR_IP_RATELIMIT_SLABS = 435,
|
||||
VAR_IP_RATELIMIT_SIZE = 436,
|
||||
VAR_RATELIMIT = 437,
|
||||
VAR_RATELIMIT_SLABS = 438,
|
||||
VAR_RATELIMIT_SIZE = 439,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 440,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 441,
|
||||
VAR_IP_RATELIMIT_FACTOR = 442,
|
||||
VAR_RATELIMIT_FACTOR = 443,
|
||||
VAR_SEND_CLIENT_SUBNET = 444,
|
||||
VAR_CLIENT_SUBNET_ZONE = 445,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 446,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 447,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 448,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 449,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 450,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 451,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 452,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 453,
|
||||
VAR_CAPS_WHITELIST = 454,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 455,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 456,
|
||||
VAR_QNAME_MINIMISATION = 457,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 458,
|
||||
VAR_IP_FREEBIND = 459,
|
||||
VAR_DEFINE_TAG = 460,
|
||||
VAR_LOCAL_ZONE_TAG = 461,
|
||||
VAR_ACCESS_CONTROL_TAG = 462,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 463,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 464,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 465,
|
||||
VAR_VIEW = 466,
|
||||
VAR_ACCESS_CONTROL_VIEW = 467,
|
||||
VAR_VIEW_FIRST = 468,
|
||||
VAR_SERVE_EXPIRED = 469,
|
||||
VAR_SERVE_EXPIRED_TTL = 470,
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 471,
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 472,
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 473,
|
||||
VAR_FAKE_DSA = 474,
|
||||
VAR_FAKE_SHA1 = 475,
|
||||
VAR_LOG_IDENTITY = 476,
|
||||
VAR_HIDE_TRUSTANCHOR = 477,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 478,
|
||||
VAR_AGGRESSIVE_NSEC = 479,
|
||||
VAR_USE_SYSTEMD = 480,
|
||||
VAR_SHM_ENABLE = 481,
|
||||
VAR_SHM_KEY = 482,
|
||||
VAR_ROOT_KEY_SENTINEL = 483,
|
||||
VAR_DNSCRYPT = 484,
|
||||
VAR_DNSCRYPT_ENABLE = 485,
|
||||
VAR_DNSCRYPT_PORT = 486,
|
||||
VAR_DNSCRYPT_PROVIDER = 487,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 488,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 489,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 490,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 491,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 492,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 493,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 494,
|
||||
VAR_IPSECMOD_ENABLED = 495,
|
||||
VAR_IPSECMOD_HOOK = 496,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 497,
|
||||
VAR_IPSECMOD_MAX_TTL = 498,
|
||||
VAR_IPSECMOD_WHITELIST = 499,
|
||||
VAR_IPSECMOD_STRICT = 500,
|
||||
VAR_CACHEDB = 501,
|
||||
VAR_CACHEDB_BACKEND = 502,
|
||||
VAR_CACHEDB_SECRETSEED = 503,
|
||||
VAR_CACHEDB_REDISHOST = 504,
|
||||
VAR_CACHEDB_REDISPORT = 505,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 506,
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 507,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 508,
|
||||
VAR_FOR_UPSTREAM = 509,
|
||||
VAR_AUTH_ZONE = 510,
|
||||
VAR_ZONEFILE = 511,
|
||||
VAR_MASTER = 512,
|
||||
VAR_URL = 513,
|
||||
VAR_FOR_DOWNSTREAM = 514,
|
||||
VAR_FALLBACK_ENABLED = 515,
|
||||
VAR_TLS_ADDITIONAL_PORT = 516,
|
||||
VAR_LOW_RTT = 517,
|
||||
VAR_LOW_RTT_PERMIL = 518,
|
||||
VAR_FAST_SERVER_PERMIL = 519,
|
||||
VAR_FAST_SERVER_NUM = 520,
|
||||
VAR_ALLOW_NOTIFY = 521,
|
||||
VAR_TLS_WIN_CERT = 522,
|
||||
VAR_TCP_CONNECTION_LIMIT = 523,
|
||||
VAR_FORWARD_NO_CACHE = 524,
|
||||
VAR_STUB_NO_CACHE = 525,
|
||||
VAR_LOG_SERVFAIL = 526,
|
||||
VAR_DENY_ANY = 527,
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 528,
|
||||
VAR_LOG_TAG_QUERYREPLY = 529,
|
||||
VAR_STREAM_WAIT_SIZE = 530,
|
||||
VAR_TLS_CIPHERS = 531,
|
||||
VAR_TLS_CIPHERSUITES = 532,
|
||||
VAR_TLS_USE_SNI = 533,
|
||||
VAR_IPSET = 534,
|
||||
VAR_IPSET_NAME_V4 = 535,
|
||||
VAR_IPSET_NAME_V6 = 536,
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 537,
|
||||
VAR_RPZ = 538,
|
||||
VAR_TAGS = 539,
|
||||
VAR_RPZ_ACTION_OVERRIDE = 540,
|
||||
VAR_RPZ_CNAME_OVERRIDE = 541,
|
||||
VAR_RPZ_LOG = 542,
|
||||
VAR_RPZ_LOG_NAME = 543,
|
||||
VAR_DYNLIB = 544,
|
||||
VAR_DYNLIB_FILE = 545
|
||||
};
|
||||
#endif
/* Tokens. */
@ -499,133 +500,134 @@ extern int yydebug;
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 415
#define VAR_DNSTAP_SEND_IDENTITY 416
#define VAR_DNSTAP_SEND_VERSION 417
#define VAR_DNSTAP_IDENTITY 418
#define VAR_DNSTAP_VERSION 419
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 420
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 421
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 422
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 423
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 424
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 425
#define VAR_RESPONSE_IP_TAG 426
#define VAR_RESPONSE_IP 427
#define VAR_RESPONSE_IP_DATA 428
#define VAR_HARDEN_ALGO_DOWNGRADE 429
#define VAR_IP_TRANSPARENT 430
#define VAR_IP_DSCP 431
#define VAR_DISABLE_DNSSEC_LAME_CHECK 432
#define VAR_IP_RATELIMIT 433
#define VAR_IP_RATELIMIT_SLABS 434
#define VAR_IP_RATELIMIT_SIZE 435
#define VAR_RATELIMIT 436
#define VAR_RATELIMIT_SLABS 437
#define VAR_RATELIMIT_SIZE 438
#define VAR_RATELIMIT_FOR_DOMAIN 439
#define VAR_RATELIMIT_BELOW_DOMAIN 440
#define VAR_IP_RATELIMIT_FACTOR 441
#define VAR_RATELIMIT_FACTOR 442
#define VAR_SEND_CLIENT_SUBNET 443
#define VAR_CLIENT_SUBNET_ZONE 444
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 445
#define VAR_CLIENT_SUBNET_OPCODE 446
#define VAR_MAX_CLIENT_SUBNET_IPV4 447
#define VAR_MAX_CLIENT_SUBNET_IPV6 448
#define VAR_MIN_CLIENT_SUBNET_IPV4 449
#define VAR_MIN_CLIENT_SUBNET_IPV6 450
#define VAR_MAX_ECS_TREE_SIZE_IPV4 451
#define VAR_MAX_ECS_TREE_SIZE_IPV6 452
#define VAR_CAPS_WHITELIST 453
#define VAR_CACHE_MAX_NEGATIVE_TTL 454
#define VAR_PERMIT_SMALL_HOLDDOWN 455
#define VAR_QNAME_MINIMISATION 456
#define VAR_QNAME_MINIMISATION_STRICT 457
#define VAR_IP_FREEBIND 458
#define VAR_DEFINE_TAG 459
#define VAR_LOCAL_ZONE_TAG 460
#define VAR_ACCESS_CONTROL_TAG 461
#define VAR_LOCAL_ZONE_OVERRIDE 462
#define VAR_ACCESS_CONTROL_TAG_ACTION 463
#define VAR_ACCESS_CONTROL_TAG_DATA 464
#define VAR_VIEW 465
#define VAR_ACCESS_CONTROL_VIEW 466
#define VAR_VIEW_FIRST 467
#define VAR_SERVE_EXPIRED 468
#define VAR_SERVE_EXPIRED_TTL 469
#define VAR_SERVE_EXPIRED_TTL_RESET 470
#define VAR_SERVE_EXPIRED_REPLY_TTL 471
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 472
#define VAR_FAKE_DSA 473
#define VAR_FAKE_SHA1 474
#define VAR_LOG_IDENTITY 475
#define VAR_HIDE_TRUSTANCHOR 476
#define VAR_TRUST_ANCHOR_SIGNALING 477
#define VAR_AGGRESSIVE_NSEC 478
#define VAR_USE_SYSTEMD 479
#define VAR_SHM_ENABLE 480
#define VAR_SHM_KEY 481
#define VAR_ROOT_KEY_SENTINEL 482
#define VAR_DNSCRYPT 483
#define VAR_DNSCRYPT_ENABLE 484
#define VAR_DNSCRYPT_PORT 485
#define VAR_DNSCRYPT_PROVIDER 486
#define VAR_DNSCRYPT_SECRET_KEY 487
#define VAR_DNSCRYPT_PROVIDER_CERT 488
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 489
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 490
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 491
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 492
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 493
#define VAR_IPSECMOD_ENABLED 494
#define VAR_IPSECMOD_HOOK 495
#define VAR_IPSECMOD_IGNORE_BOGUS 496
#define VAR_IPSECMOD_MAX_TTL 497
#define VAR_IPSECMOD_WHITELIST 498
#define VAR_IPSECMOD_STRICT 499
#define VAR_CACHEDB 500
#define VAR_CACHEDB_BACKEND 501
#define VAR_CACHEDB_SECRETSEED 502
#define VAR_CACHEDB_REDISHOST 503
#define VAR_CACHEDB_REDISPORT 504
#define VAR_CACHEDB_REDISTIMEOUT 505
#define VAR_CACHEDB_REDISEXPIRERECORDS 506
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 507
#define VAR_FOR_UPSTREAM 508
#define VAR_AUTH_ZONE 509
#define VAR_ZONEFILE 510
#define VAR_MASTER 511
#define VAR_URL 512
#define VAR_FOR_DOWNSTREAM 513
#define VAR_FALLBACK_ENABLED 514
#define VAR_TLS_ADDITIONAL_PORT 515
#define VAR_LOW_RTT 516
#define VAR_LOW_RTT_PERMIL 517
#define VAR_FAST_SERVER_PERMIL 518
#define VAR_FAST_SERVER_NUM 519
#define VAR_ALLOW_NOTIFY 520
#define VAR_TLS_WIN_CERT 521
#define VAR_TCP_CONNECTION_LIMIT 522
#define VAR_FORWARD_NO_CACHE 523
#define VAR_STUB_NO_CACHE 524
#define VAR_LOG_SERVFAIL 525
#define VAR_DENY_ANY 526
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 527
#define VAR_LOG_TAG_QUERYREPLY 528
#define VAR_STREAM_WAIT_SIZE 529
#define VAR_TLS_CIPHERS 530
#define VAR_TLS_CIPHERSUITES 531
#define VAR_TLS_USE_SNI 532
#define VAR_IPSET 533
#define VAR_IPSET_NAME_V4 534
#define VAR_IPSET_NAME_V6 535
#define VAR_TLS_SESSION_TICKET_KEYS 536
#define VAR_RPZ 537
#define VAR_TAGS 538
#define VAR_RPZ_ACTION_OVERRIDE 539
#define VAR_RPZ_CNAME_OVERRIDE 540
#define VAR_RPZ_LOG 541
#define VAR_RPZ_LOG_NAME 542
#define VAR_DYNLIB 543
#define VAR_DYNLIB_FILE 544
#define VAR_DNSTAP_BIDIRECTIONAL 418
#define VAR_DNSTAP_IDENTITY 419
#define VAR_DNSTAP_VERSION 420
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 421
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 422
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 423
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 424
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 425
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 426
#define VAR_RESPONSE_IP_TAG 427
#define VAR_RESPONSE_IP 428
#define VAR_RESPONSE_IP_DATA 429
#define VAR_HARDEN_ALGO_DOWNGRADE 430
#define VAR_IP_TRANSPARENT 431
#define VAR_IP_DSCP 432
#define VAR_DISABLE_DNSSEC_LAME_CHECK 433
#define VAR_IP_RATELIMIT 434
#define VAR_IP_RATELIMIT_SLABS 435
#define VAR_IP_RATELIMIT_SIZE 436
#define VAR_RATELIMIT 437
#define VAR_RATELIMIT_SLABS 438
#define VAR_RATELIMIT_SIZE 439
#define VAR_RATELIMIT_FOR_DOMAIN 440
#define VAR_RATELIMIT_BELOW_DOMAIN 441
#define VAR_IP_RATELIMIT_FACTOR 442
#define VAR_RATELIMIT_FACTOR 443
#define VAR_SEND_CLIENT_SUBNET 444
#define VAR_CLIENT_SUBNET_ZONE 445
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 446
#define VAR_CLIENT_SUBNET_OPCODE 447
#define VAR_MAX_CLIENT_SUBNET_IPV4 448
#define VAR_MAX_CLIENT_SUBNET_IPV6 449
#define VAR_MIN_CLIENT_SUBNET_IPV4 450
#define VAR_MIN_CLIENT_SUBNET_IPV6 451
#define VAR_MAX_ECS_TREE_SIZE_IPV4 452
#define VAR_MAX_ECS_TREE_SIZE_IPV6 453
#define VAR_CAPS_WHITELIST 454
#define VAR_CACHE_MAX_NEGATIVE_TTL 455
#define VAR_PERMIT_SMALL_HOLDDOWN 456
#define VAR_QNAME_MINIMISATION 457
#define VAR_QNAME_MINIMISATION_STRICT 458
#define VAR_IP_FREEBIND 459
#define VAR_DEFINE_TAG 460
#define VAR_LOCAL_ZONE_TAG 461
#define VAR_ACCESS_CONTROL_TAG 462
#define VAR_LOCAL_ZONE_OVERRIDE 463
#define VAR_ACCESS_CONTROL_TAG_ACTION 464
#define VAR_ACCESS_CONTROL_TAG_DATA 465
#define VAR_VIEW 466
#define VAR_ACCESS_CONTROL_VIEW 467
#define VAR_VIEW_FIRST 468
#define VAR_SERVE_EXPIRED 469
#define VAR_SERVE_EXPIRED_TTL 470
#define VAR_SERVE_EXPIRED_TTL_RESET 471
#define VAR_SERVE_EXPIRED_REPLY_TTL 472
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 473
#define VAR_FAKE_DSA 474
#define VAR_FAKE_SHA1 475
#define VAR_LOG_IDENTITY 476
#define VAR_HIDE_TRUSTANCHOR 477
#define VAR_TRUST_ANCHOR_SIGNALING 478
#define VAR_AGGRESSIVE_NSEC 479
#define VAR_USE_SYSTEMD 480
#define VAR_SHM_ENABLE 481
#define VAR_SHM_KEY 482
#define VAR_ROOT_KEY_SENTINEL 483
#define VAR_DNSCRYPT 484
#define VAR_DNSCRYPT_ENABLE 485
#define VAR_DNSCRYPT_PORT 486
#define VAR_DNSCRYPT_PROVIDER 487
#define VAR_DNSCRYPT_SECRET_KEY 488
#define VAR_DNSCRYPT_PROVIDER_CERT 489
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 490
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 491
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 492
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 493
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 494
#define VAR_IPSECMOD_ENABLED 495
#define VAR_IPSECMOD_HOOK 496
#define VAR_IPSECMOD_IGNORE_BOGUS 497
#define VAR_IPSECMOD_MAX_TTL 498
#define VAR_IPSECMOD_WHITELIST 499
#define VAR_IPSECMOD_STRICT 500
#define VAR_CACHEDB 501
#define VAR_CACHEDB_BACKEND 502
#define VAR_CACHEDB_SECRETSEED 503
#define VAR_CACHEDB_REDISHOST 504
#define VAR_CACHEDB_REDISPORT 505
#define VAR_CACHEDB_REDISTIMEOUT 506
#define VAR_CACHEDB_REDISEXPIRERECORDS 507
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 508
#define VAR_FOR_UPSTREAM 509
#define VAR_AUTH_ZONE 510
#define VAR_ZONEFILE 511
#define VAR_MASTER 512
#define VAR_URL 513
#define VAR_FOR_DOWNSTREAM 514
#define VAR_FALLBACK_ENABLED 515
#define VAR_TLS_ADDITIONAL_PORT 516
#define VAR_LOW_RTT 517
#define VAR_LOW_RTT_PERMIL 518
#define VAR_FAST_SERVER_PERMIL 519
#define VAR_FAST_SERVER_NUM 520
#define VAR_ALLOW_NOTIFY 521
#define VAR_TLS_WIN_CERT 522
#define VAR_TCP_CONNECTION_LIMIT 523
#define VAR_FORWARD_NO_CACHE 524
#define VAR_STUB_NO_CACHE 525
#define VAR_LOG_SERVFAIL 526
#define VAR_DENY_ANY 527
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 528
#define VAR_LOG_TAG_QUERYREPLY 529
#define VAR_STREAM_WAIT_SIZE 530
#define VAR_TLS_CIPHERS 531
#define VAR_TLS_CIPHERSUITES 532
#define VAR_TLS_USE_SNI 533
#define VAR_IPSET 534
#define VAR_IPSET_NAME_V4 535
#define VAR_IPSET_NAME_V6 536
#define VAR_TLS_SESSION_TICKET_KEYS 537
#define VAR_RPZ 538
#define VAR_TAGS 539
#define VAR_RPZ_ACTION_OVERRIDE 540
#define VAR_RPZ_CNAME_OVERRIDE 541
#define VAR_RPZ_LOG 542
#define VAR_RPZ_LOG_NAME 543
#define VAR_DYNLIB 544
#define VAR_DYNLIB_FILE 545
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -635,7 +637,7 @@ union YYSTYPE
char* str;
#line 639 "util/configparser.h"
#line 641 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;
@ -119,7 +119,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
%token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE
%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL
%token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
%token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES
%token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES
@ -2758,7 +2758,7 @@ dtstart: VAR_DNSTAP
;
contents_dt: contents_dt content_dt
| ;
content_dt: dt_dnstap_enable | dt_dnstap_socket_path |
content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional |
dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name |
dt_dnstap_tls_cert_bundle |
dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file |
@ -2780,6 +2780,16 @@ dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG
free($2);
}
;
dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG
{
OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->dnstap_bidirectional =
(strcmp($2, "yes")==0);
free($2);
}
;
dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG
{
OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2));
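Review bot: The new `dt_dnstap_bidirectional` rule (from `dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG` through its closing `;`) only parses a yes/no value into `cfg_parser->cfg->dnstap_bidirectional`; nothing in this hunk documents what the flag changes or what its default is. If the man page and example configuration are not updated elsewhere in this commit, add an entry for `dnstap-bidirectional` that states the default and explains that enabling it presumably changes how the frame stream to the dnstap collector is negotiated, so operators know the collector's behaviour may now affect the sender. Keeping the default at `no` would preserve the behaviour of existing unidirectional deployments; the default itself is set outside this hunk and cannot be confirmed from here.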