aboutsummaryrefslogtreecommitdiff
path: root/util/config_file.c
diff options
context:
space:
mode:
Diffstat (limited to 'util/config_file.c')
-rw-r--r--util/config_file.c84
1 files changed, 81 insertions, 3 deletions
diff --git a/util/config_file.c b/util/config_file.c
index 4d87dee9b496..50b0e645af8f 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -105,11 +105,14 @@ config_create(void)
cfg->do_ip6 = 1;
cfg->do_udp = 1;
cfg->do_tcp = 1;
+ cfg->tcp_reuse_timeout = 60 * 1000; /* 60s in milisecs */
+ cfg->max_reuse_tcp_queries = 200;
cfg->tcp_upstream = 0;
cfg->udp_upstream_without_downstream = 0;
cfg->tcp_mss = 0;
cfg->outgoing_tcp_mss = 0;
cfg->tcp_idle_timeout = 30 * 1000; /* 30s in millisecs */
+ cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */
cfg->do_tcp_keepalive = 0;
cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */
cfg->ssl_service_key = NULL;
@@ -235,8 +238,10 @@ config_create(void)
cfg->hide_identity = 0;
cfg->hide_version = 0;
cfg->hide_trustanchor = 0;
+ cfg->hide_http_user_agent = 0;
cfg->identity = NULL;
cfg->version = NULL;
+ cfg->http_user_agent = NULL;
cfg->nsid_cfg_str = NULL;
cfg->nsid = NULL;
cfg->nsid_len = 0;
@@ -250,6 +255,7 @@ config_create(void)
cfg->val_date_override = 0;
cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */
cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */
+ cfg->val_max_restart = 5;
cfg->val_clean_additional = 1;
cfg->val_log_level = 0;
cfg->val_log_squelch = 0;
@@ -262,6 +268,7 @@ config_create(void)
cfg->serve_expired_reply_ttl = 30;
cfg->serve_expired_client_timeout = 0;
cfg->serve_original_ttl = 0;
+ cfg->zonemd_permissive_mode = 0;
cfg->add_holddown = 30*24*3600;
cfg->del_holddown = 30*24*3600;
cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
@@ -305,7 +312,7 @@ config_create(void)
if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
#endif
if(!(cfg->val_nsec3_key_iterations =
- strdup("1024 150 2048 500 4096 2500"))) goto error_exit;
+ strdup("1024 150 2048 150 4096 150"))) goto error_exit;
#if defined(DNSTAP_SOCKET_PATH)
if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH)))
goto error_exit;
@@ -516,7 +523,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
udp_upstream_without_downstream)
else S_NUMBER_NONZERO("tcp-mss:", tcp_mss)
else S_NUMBER_NONZERO("outgoing-tcp-mss:", outgoing_tcp_mss)
+ else S_NUMBER_NONZERO("tcp-auth-query-timeout:", tcp_auth_query_timeout)
else S_NUMBER_NONZERO("tcp-idle-timeout:", tcp_idle_timeout)
+ else S_NUMBER_NONZERO("max-reuse-tcp-queries:", max_reuse_tcp_queries)
+ else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout)
else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive)
else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout)
else S_YNO("ssl-upstream:", ssl_upstream)
@@ -587,8 +597,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("hide-identity:", hide_identity)
else S_YNO("hide-version:", hide_version)
else S_YNO("hide-trustanchor:", hide_trustanchor)
+ else S_YNO("hide-http-user-agent:", hide_http_user_agent)
else S_STR("identity:", identity)
else S_STR("version:", version)
+ else S_STR("http-user-agent:", http_user_agent)
else if(strcmp(opt, "nsid:") == 0) {
free(cfg->nsid_cfg_str);
if (!(cfg->nsid_cfg_str = strdup(val)))
@@ -649,6 +661,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout)
else S_YNO("serve-original-ttl:", serve_original_ttl)
else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
+ else S_YNO("zonemd-permissive-mode:", zonemd_permissive_mode)
else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown)
else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown)
else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing)
@@ -756,12 +769,14 @@ int config_set_option(struct config_file* cfg, const char* opt,
#endif
else if(strcmp(opt, "define-tag:") ==0) {
return config_add_tag(cfg, val);
- /* val_sig_skew_min and max are copied into val_env during init,
- * so this does not update val_env with set_option */
+ /* val_sig_skew_min, max and val_max_restart are copied into val_env
+ * during init so this does not update val_env with set_option */
} else if(strcmp(opt, "val-sig-skew-min:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); }
else if(strcmp(opt, "val-sig-skew-max:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); }
+ else if(strcmp(opt, "val-max-restart:") == 0)
+ { IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); }
else if (strcmp(opt, "outgoing-interface:") == 0) {
char* d = strdup(val);
char** oi =
@@ -1005,7 +1020,10 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "udp-upstream-without-downstream", udp_upstream_without_downstream)
else O_DEC(opt, "tcp-mss", tcp_mss)
else O_DEC(opt, "outgoing-tcp-mss", outgoing_tcp_mss)
+ else O_DEC(opt, "tcp-auth-query-timeout", tcp_auth_query_timeout)
else O_DEC(opt, "tcp-idle-timeout", tcp_idle_timeout)
+ else O_DEC(opt, "max-reuse-tcp-queries", max_reuse_tcp_queries)
+ else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout)
else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive)
else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout)
else O_YNO(opt, "ssl-upstream", ssl_upstream)
@@ -1041,8 +1059,10 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "hide-identity", hide_identity)
else O_YNO(opt, "hide-version", hide_version)
else O_YNO(opt, "hide-trustanchor", hide_trustanchor)
+ else O_YNO(opt, "hide-http-user-agent", hide_http_user_agent)
else O_STR(opt, "identity", identity)
else O_STR(opt, "version", version)
+ else O_STR(opt, "http-user-agent", http_user_agent)
else O_STR(opt, "nsid", nsid_cfg_str)
else O_STR(opt, "target-fetch-policy", target_fetch_policy)
else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize)
@@ -1070,6 +1090,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "serve-expired-client-timeout", serve_expired_client_timeout)
else O_YNO(opt, "serve-original-ttl", serve_original_ttl)
else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations)
+ else O_YNO(opt, "zonemd-permissive-mode", zonemd_permissive_mode)
else O_UNS(opt, "add-holddown", add_holddown)
else O_UNS(opt, "del-holddown", del_holddown)
else O_UNS(opt, "keep-missing", keep_missing)
@@ -1178,6 +1199,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "fast-server-permil", fast_server_permil)
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max)
+ else O_DEC(opt, "val-max-restart", val_max_restart)
else O_YNO(opt, "qname-minimisation", qname_minimisation)
else O_YNO(opt, "qname-minimisation-strict", qname_minimisation_strict)
else O_IFC(opt, "define-tag", num_tags, tagname)
@@ -1516,6 +1538,7 @@ config_delete(struct config_file* cfg)
#endif
free(cfg->identity);
free(cfg->version);
+ free(cfg->http_user_agent);
free(cfg->nsid_cfg_str);
free(cfg->nsid);
free(cfg->module_conf);
@@ -1681,6 +1704,37 @@ int cfg_condense_ports(struct config_file* cfg, int** avail)
return num;
}
+void cfg_apply_local_port_policy(struct config_file* cfg, int num) {
+(void)cfg;
+(void)num;
+#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
+ {
+ int i = 0;
+ FILE* range_fd;
+ if ((range_fd = fopen(LINUX_IP_LOCAL_PORT_RANGE_PATH, "r")) != NULL) {
+ int min_port = 0;
+ int max_port = num - 1;
+ if (fscanf(range_fd, "%d %d", &min_port, &max_port) == 2) {
+ for(i=0; i<min_port; i++) {
+ cfg->outgoing_avail_ports[i] = 0;
+ }
+ for(i=max_port+1; i<num; i++) {
+ cfg->outgoing_avail_ports[i] = 0;
+ }
+ } else {
+ log_err("unexpected port range in %s",
+ LINUX_IP_LOCAL_PORT_RANGE_PATH);
+ }
+ fclose(range_fd);
+ } else {
+ log_err("failed to read from file: %s (%s)",
+ LINUX_IP_LOCAL_PORT_RANGE_PATH,
+ strerror(errno));
+ }
+ }
+#endif
+}
+
/** print error with file and line number */
static void ub_c_error_va_list(const char *fmt, va_list args)
{
@@ -2605,3 +2659,27 @@ int options_remote_is_address(struct config_file* cfg)
return (cfg->control_ifs.first->str[0] != '/');
}
+/** see if interface is https, its port number == the https port number */
+int
+if_is_https(const char* ifname, const char* port, int https_port)
+{
+ char* p = strchr(ifname, '@');
+ if(!p && atoi(port) == https_port)
+ return 1;
+ if(p && atoi(p+1) == https_port)
+ return 1;
+ return 0;
+}
+
+/** see if config contains https turned on */
+int cfg_has_https(struct config_file* cfg)
+{
+ int i;
+ char portbuf[32];
+ snprintf(portbuf, sizeof(portbuf), "%d", cfg->port);
+ for(i = 0; i<cfg->num_ifs; i++) {
+ if(if_is_https(cfg->ifs[i], portbuf, cfg->https_port))
+ return 1;
+ }
+ return 0;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-25 15:28:33 +0000