authorDag-Erling Smørgrav <des@FreeBSD.org>2018-05-12 11:53:39 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2018-05-12 11:53:39 +0000
commit6cacf549d3c2d5bddb0dcadd620e1db2897c7f26 (patch)
treee187e7d708a063f1628697fe779e2bb101d451b8 /util/config_file.h
parentfbdb9ac866a647da0919b224f05cca039afc02fa (diff)
Notes
Diffstat (limited to 'util/config_file.h')
-rw-r--r--util/config_file.h44
1 files changed, 42 insertions, 2 deletions
diff --git a/util/config_file.h b/util/config_file.h
index d52c2f48104d9..79b0948940226 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -172,6 +172,18 @@ struct config_file {
struct config_view* views;
/** list of donotquery addresses, linked list */
struct config_strlist* donotqueryaddrs;
+#ifdef CLIENT_SUBNET
+ /** list of servers we send edns-client-subnet option to and
+ * accept option from, linked list */
+ struct config_strlist* client_subnet;
+ /** opcode assigned by IANA for edns0-client-subnet option */
+ uint16_t client_subnet_opcode;
+ /** Do not check whitelist if incoming query contains an ECS record */
+ int client_subnet_always_forward;
+ /** Subnet length we are willing to give up privacy for */
+ uint8_t max_client_subnet_ipv4;
+ uint8_t max_client_subnet_ipv6;
+#endif
/** list of access control entries, linked list */
struct config_str2list* acls;
/** use default localhost donotqueryaddr entries */
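Review bot: `max_client_subnet_ipv6` has no doc comment of its own, and the comment above `max_client_subnet_ipv4` states neither the unit nor the valid range. Both members are `uint8_t`, so the type admits 0-255 while a prefix length is only meaningful up to 32 for IPv4 and 128 for IPv6; any range check lives outside this header. I would write `/** longest IPv4 source prefix, in bits (0-32), sent upstream in the ECS option */` and a matching line for IPv6 (0-128). The comment on `client_subnet_always_forward` could also say that a client-supplied ECS option is then forwarded without consulting what is presumably the `client_subnet` list. `struct config_file` starts and ends outside the hunk.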
@@ -238,6 +250,8 @@ struct config_file {
int hide_identity;
/** do not report version (version.server, version.bind) */
int hide_version;
+ /** do not report trustanchor (trustanchor.unbound) */
+ int hide_trustanchor;
/** identity, hostname is returned if "". */
char* identity;
/** version, package version returned if "". */
@@ -321,6 +335,12 @@ struct config_file {
struct config_str3list* acl_tag_datas;
/** list of aclname, view*/
struct config_str2list* acl_view;
+ /** list of IP-netblock, tagbitlist */
+ struct config_strbytelist* respip_tags;
+ /** list of response-driven access control entries, linked list */
+ struct config_str2list* respip_actions;
+ /** RRs configured for response-driven access controls */
+ struct config_str2list* respip_data;
/** tag list, array with tagname[i] is malloced string */
char** tagname;
/** number of items in the taglist */
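Review bot: The comments on `respip_actions` and `respip_data` do not say what the two strings of each `config_str2list` entry hold, whereas `respip_tags` just above names its pair as IP-netblock and tagbitlist. Anyone validating this configuration input needs to know which string is the netblock and which is the action or RR text; `/** list of IP-netblock, action */` and `/** list of IP-netblock, RR string */` would do, if that is indeed the layout. The same two members are added to `struct config_view` in the later hunk, with the same gap. Who frees these lists is not stated here either, and the struct body continues outside the hunk.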
@@ -422,6 +442,22 @@ struct config_file {
/** minimise QNAME in strict mode, minimise according to RFC.
* Do not apply fallback */
int qname_minimisation_strict;
+ /** SHM data - true if shm is enabled */
+ int shm_enable;
+ /** SHM data - key for the shm */
+ int shm_key;
+
+ /** DNSCrypt */
+ /** true to enable dnscrypt */
+ int dnscrypt;
+ /** port on which to provide dnscrypt service */
+ int dnscrypt_port;
+ /** provider name 2.dnscrypt-cert.example.com */
+ char* dnscrypt_provider;
+ /** dnscrypt secret keys 1.key */
+ struct config_strlist* dnscrypt_secret_key;
+ /** dnscrypt provider certs 1.cert */
+ struct config_strlist* dnscrypt_provider_cert;
};
/** from cfg username, after daemonise setup performed */
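Review bot: The comment on `dnscrypt_secret_key` reads as if the list held the keys themselves, while the `1.key` example suggests the entries are file names. The distinction matters to anyone auditing where secret material lives and which files need restrictive permissions; I would write `/** file names of the dnscrypt secret keys, e.g. 1.key */`, to be confirmed against the loader, which is outside this header. Separately, `/** DNSCrypt */` directly before another `/** ... */` puts two doc comments on `dnscrypt`; a plain `/* DNSCrypt */` keeps it as a section heading. `shm_key` would also benefit from stating what kind of key it is, since an `int` named "key" next to the DNSCrypt members is easy to misread.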
@@ -447,7 +483,7 @@ struct config_stub {
int isprime;
/** if forward-first is set (failover to without if fails) */
int isfirst;
- /* use SSL for queries to this stub */
+ /** use SSL for queries to this stub */
int ssl_upstream;
};
@@ -468,6 +504,10 @@ struct config_view {
/** Fallback to global local_zones when there is no match in the view
* view specific tree. 1 for yes, 0 for no */
int isfirst;
+ /** predefined actions for particular IP address responses */
+ struct config_str2list* respip_actions;
+ /** data complementing the 'redirect' response IP actions */
+ struct config_str2list* respip_data;
};
/**
@@ -964,6 +1004,6 @@ void w_config_adjust_directory(struct config_file* cfg);
#endif /* UB_ON_WINDOWS */
/** debug option for unit tests. */
-extern int fake_dsa;
+extern int fake_dsa, fake_sha1;
#endif /* UTIL_CONFIG_FILE_H */
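Review bot: `fake_sha1` is declared on the same line as `fake_dsa` under a single comment, so neither declaration says what it fakes or that it must stay zero outside the test suite. Both are writable globals visible to every file that includes this header. Judging only by the names, they presumably change how DSA and SHA-1 are treated during validation, which is the kind of switch that should be documented as test-only. I would split them into `/** unit tests only, must be 0 otherwise */ extern int fake_dsa;` and the same for `fake_sha1`, each with one line on what it overrides.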