1 /* 2 * options.h -- nsd.conf options definitions and prototypes 3 * 4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. 5 * 6 * See LICENSE for the license. 7 * 8 */ 9 10 #ifndef OPTIONS_H 11 #define OPTIONS_H 12 13 #include <stdarg.h> 14 #ifdef HAVE_SSL 15 #include <openssl/ssl.h> 16 #endif 17 #include "region-allocator.h" 18 #include "rbtree.h" 19 struct query; 20 struct dname; 21 struct tsig_key; 22 struct buffer; 23 struct nsd; 24 struct proxy_protocol_port_list; 25 26 27 typedef struct nsd_options nsd_options_type; 28 typedef struct pattern_options pattern_options_type; 29 typedef struct zone_options zone_options_type; 30 typedef struct range_option range_option_type; 31 typedef struct ip_address_option ip_address_option_type; 32 typedef struct cpu_option cpu_option_type; 33 typedef struct cpu_map_option cpu_map_option_type; 34 typedef struct acl_options acl_options_type; 35 typedef struct key_options key_options_type; 36 typedef struct tls_auth_options tls_auth_options_type; 37 typedef struct config_parser_state config_parser_state_type; 38 39 #define VERIFY_ZONE_INHERIT (2) 40 #define VERIFIER_FEED_ZONE_INHERIT (2) 41 #define VERIFIER_TIMEOUT_INHERIT (-1) 42 #define CATALOG_ROLE_INHERIT (0) 43 #define CATALOG_ROLE_CONSUMER (1) 44 #define CATALOG_ROLE_PRODUCER (2) 45 46 /* 47 * Options global for nsd. 48 */ 49 struct nsd_options { 50 /* config file name */ 51 char* configfile; 52 /* options for zones, by apex, contains zone_options */ 53 rbtree_type* zone_options; 54 /* patterns, by name, contains pattern_options */ 55 rbtree_type* patterns; 56 57 /* free space in zonelist file, contains zonelist_bucket */ 58 rbtree_type* zonefree; 59 /* number of free space lines in zonelist file */ 60 size_t zonefree_number; 61 /* zonelist file if open */ 62 FILE* zonelist; 63 /* last offset in file (or 0 if none) */ 64 off_t zonelist_off; 65 66 /* tree of zonestat names and their id values, entries are struct 67 * zonestatname with malloced key=stringname. The number of items 68 * is the max statnameid, no items are freed from this. 69 * kept correct in the xfrd process, and on startup. */ 70 rbtree_type* zonestatnames; 71 72 /* rbtree of keys defined, by name */ 73 rbtree_type* keys; 74 75 /* rbtree of tls_auth defined, by name */ 76 rbtree_type* tls_auths; 77 78 /* list of ip addresses to bind to (or NULL for all) */ 79 struct ip_address_option* ip_addresses; 80 81 int ip_transparent; 82 int ip_freebind; 83 int send_buffer_size; 84 int receive_buffer_size; 85 int debug_mode; 86 int verbosity; 87 int hide_version; 88 int hide_identity; 89 int drop_updates; 90 int do_ip4; 91 int do_ip6; 92 const char* identity; 93 const char* version; 94 const char* logfile; 95 int log_only_syslog; 96 int server_count; 97 struct cpu_option* cpu_affinity; 98 struct cpu_map_option* service_cpu_affinity; 99 int tcp_count; 100 int tcp_reject_overflow; 101 int confine_to_zone; 102 int tcp_query_count; 103 int tcp_timeout; 104 int tcp_mss; 105 int outgoing_tcp_mss; 106 int tcp_listen_queue; 107 size_t ipv4_edns_size; 108 size_t ipv6_edns_size; 109 const char* pidfile; 110 const char* port; 111 int statistics; 112 const char* chroot; 113 const char* username; 114 const char* zonesdir; 115 const char* xfrdfile; 116 const char* xfrdir; 117 const char* zonelistfile; 118 const char* nsid; 119 int xfrd_reload_timeout; 120 int reload_config; 121 int zonefiles_check; 122 int zonefiles_write; 123 int log_time_ascii; 124 int log_time_iso; 125 int round_robin; 126 int minimal_responses; 127 int refuse_any; 128 int reuseport; 129 /* max number of xfrd tcp sockets */ 130 int xfrd_tcp_max; 131 /* max number of simultaneous requests on xfrd tcp socket */ 132 int xfrd_tcp_pipeline; 133 134 /* private key file for TLS */ 135 char* tls_service_key; 136 /* ocsp stapling file for TLS */ 137 char* tls_service_ocsp; 138 /* certificate file for TLS */ 139 char* tls_service_pem; 140 /* TLS dedicated port */ 141 const char* tls_port; 142 /* TLS-AUTH dedicated port */ 143 const char* tls_auth_port; 144 /* TLS certificate bundle */ 145 const char* tls_cert_bundle; 146 /* Answer XFR only from tls_auth_port and after authentication */ 147 int tls_auth_xfr_only; 148 149 /* proxy protocol port list */ 150 struct proxy_protocol_port_list* proxy_protocol_port; 151 152 /** remote control section. enable toggle. */ 153 int control_enable; 154 /** the interfaces the remote control should listen on */ 155 struct ip_address_option* control_interface; 156 /** port number for the control port */ 157 int control_port; 158 /** private key file for server */ 159 char* server_key_file; 160 /** certificate file for server */ 161 char* server_cert_file; 162 /** private key file for nsd-control */ 163 char* control_key_file; 164 /** certificate file for nsd-control */ 165 char* control_cert_file; 166 167 #ifdef USE_XDP 168 /** XDP interface name */ 169 const char* xdp_interface; 170 /** XDP/eBPF program file path */ 171 const char* xdp_program_path; 172 /** if NSD should load the XDP/eBPF program */ 173 int xdp_program_load; 174 /** path to bpffs for pinned BPF objects */ 175 const char* xdp_bpffs_path; 176 /** force copy mode instead of zero copy mode */ 177 int xdp_force_copy; 178 #endif 179 180 #ifdef USE_METRICS 181 /** metrics section. enable toggle. */ 182 int metrics_enable; 183 /** the interfaces the metrics endpoint should listen on */ 184 struct ip_address_option* metrics_interface; 185 /** port number for the metrics endpoint */ 186 int metrics_port; 187 /** HTTP path for the metrics endpoint */ 188 char* metrics_path; 189 #endif /* USE_METRICS */ 190 191 #ifdef RATELIMIT 192 /** number of buckets in rrl hashtable */ 193 size_t rrl_size; 194 /** max qps for queries, 0 is nolimit */ 195 size_t rrl_ratelimit; 196 /** ratio of slipped responses, 0 is noslip */ 197 size_t rrl_slip; 198 /** ip prefix length */ 199 size_t rrl_ipv4_prefix_length; 200 size_t rrl_ipv6_prefix_length; 201 /** max qps for whitelisted queries, 0 is nolimit */ 202 size_t rrl_whitelist_ratelimit; 203 #endif 204 /** if dnstap is enabled */ 205 int dnstap_enable; 206 /** dnstap socket path */ 207 char* dnstap_socket_path; 208 /** dnstap IP, if "", it uses socket path. */ 209 char* dnstap_ip; 210 /** dnstap TLS enable */ 211 int dnstap_tls; 212 /** dnstap tls server authentication name */ 213 char* dnstap_tls_server_name; 214 /** dnstap server cert bundle */ 215 char* dnstap_tls_cert_bundle; 216 /** dnstap client key for client authentication */ 217 char* dnstap_tls_client_key_file; 218 /** dnstap client cert for client authentication */ 219 char* dnstap_tls_client_cert_file; 220 /** true to send "identity" via dnstap */ 221 int dnstap_send_identity; 222 /** true to send "version" via dnstap */ 223 int dnstap_send_version; 224 /** dnstap "identity", hostname is used if "". */ 225 char* dnstap_identity; 226 /** dnstap "version", package version is used if "". */ 227 char* dnstap_version; 228 /** true to log dnstap AUTH_QUERY message events */ 229 int dnstap_log_auth_query_messages; 230 /** true to log dnstap AUTH_RESPONSE message events */ 231 int dnstap_log_auth_response_messages; 232 233 /** do answer with server cookie when request contained cookie option */ 234 int answer_cookie; 235 /** cookie secret */ 236 char *cookie_secret; 237 /** cookie staging secret */ 238 char *cookie_staging_secret; 239 /** path to cookie secret store */ 240 char *cookie_secret_file; 241 /** set when the cookie_secret_file whas not explicitely configured */ 242 uint8_t cookie_secret_file_is_default; 243 /** enable verify */ 244 int verify_enable; 245 /** list of ip addresses used to serve zones for verification */ 246 struct ip_address_option* verify_ip_addresses; 247 /** default port 5347 */ 248 char *verify_port; 249 /** verify zones by default */ 250 int verify_zones; 251 /** default command to verify zones with */ 252 char **verifier; 253 /** maximum number of verifiers that may run simultaneously */ 254 int verifier_count; 255 /** whether or not to feed the zone to the verifier over stdin */ 256 uint8_t verifier_feed_zone; 257 /** maximum number of seconds that a verifier may take */ 258 uint32_t verifier_timeout; 259 260 region_type* region; 261 }; 262 263 struct range_option { 264 struct range_option* next; 265 int first; 266 int last; 267 }; 268 269 struct ip_address_option { 270 struct ip_address_option* next; 271 char* address; 272 struct range_option* servers; 273 int dev; 274 int fib; 275 }; 276 277 struct cpu_option { 278 struct cpu_option* next; 279 int cpu; 280 }; 281 282 struct cpu_map_option { 283 struct cpu_map_option* next; 284 int service; 285 int cpu; 286 }; 287 288 /* 289 * Defines for min_expire_time_expr value 290 */ 291 #define EXPIRE_TIME_HAS_VALUE 0 292 #define EXPIRE_TIME_IS_DEFAULT 1 293 #define REFRESHPLUSRETRYPLUS1 2 294 #define REFRESHPLUSRETRYPLUS1_STR "refresh+retry+1" 295 #define expire_time_is_default(x) (!( (x) == REFRESHPLUSRETRYPLUS1 \ 296 || (x) == EXPIRE_TIME_HAS_VALUE )) 297 298 299 /* 300 * Pattern of zone options, used to contain options for zone(s). 301 */ 302 struct pattern_options { 303 rbnode_type node; 304 const char* pname; /* name of the pattern, key of rbtree */ 305 const char* zonefile; 306 struct acl_options* allow_notify; 307 struct acl_options* request_xfr; 308 struct acl_options* notify; 309 struct acl_options* provide_xfr; 310 struct acl_options* allow_query; 311 struct acl_options* outgoing_interface; 312 const char* zonestats; 313 #ifdef RATELIMIT 314 uint16_t rrl_whitelist; /* bitmap with rrl types */ 315 #endif 316 uint8_t allow_axfr_fallback; 317 uint8_t allow_axfr_fallback_is_default; 318 uint8_t notify_retry; 319 uint8_t notify_retry_is_default; 320 uint8_t implicit; /* pattern is implicit, part_of_config zone used */ 321 uint8_t xfrd_flags; 322 uint32_t max_refresh_time; 323 uint8_t max_refresh_time_is_default; 324 uint32_t min_refresh_time; 325 uint8_t min_refresh_time_is_default; 326 uint32_t max_retry_time; 327 uint8_t max_retry_time_is_default; 328 uint32_t min_retry_time; 329 uint8_t min_retry_time_is_default; 330 uint32_t min_expire_time; 331 /* min_expir_time_expr is either a known value (REFRESHPLUSRETRYPLUS1 332 * or EXPIRE_EXPR_HAS_VALUE) or else min_expire_time is the default. 333 * This can be tested with expire_time_is_default(x) define. 334 */ 335 uint8_t min_expire_time_expr; 336 uint64_t size_limit_xfr; 337 uint8_t multi_primary_check; 338 uint8_t store_ixfr; 339 uint8_t store_ixfr_is_default; 340 uint64_t ixfr_size; 341 uint8_t ixfr_size_is_default; 342 uint32_t ixfr_number; 343 uint8_t ixfr_number_is_default; 344 uint8_t create_ixfr; 345 uint8_t create_ixfr_is_default; 346 uint8_t verify_zone; 347 uint8_t verify_zone_is_default; 348 char **verifier; 349 uint8_t verifier_feed_zone; 350 uint8_t verifier_feed_zone_is_default; 351 int32_t verifier_timeout; 352 uint8_t verifier_timeout_is_default; 353 uint8_t catalog_role; 354 uint8_t catalog_role_is_default; 355 const char* catalog_member_pattern; 356 const char* catalog_producer_zone; 357 } ATTR_PACKED; 358 359 #define PATTERN_IMPLICIT_MARKER "_implicit_" 360 361 /* 362 * Options for a zone 363 */ 364 struct zone_options { 365 /* key is dname of apex */ 366 rbnode_type node; 367 368 /* is apex of the zone */ 369 const char* name; 370 /* if not part of config, the offset and linesize of zonelist entry */ 371 off_t off; 372 int linesize; 373 /* pattern for the zone options, if zone is part_of_config, this is 374 * a anonymous pattern created in-place */ 375 struct pattern_options* pattern; 376 /* zone is fixed into the main config, not in zonelist, cannot delete */ 377 unsigned part_of_config : 1; 378 unsigned is_catalog_member_zone: 1; 379 } ATTR_PACKED; 380 381 /* 382 * Options for catalog member zones 383 * assert(options->is_catalog_member_zone == 1) 384 * when options->pattern->catalog_producer_zone is set, this is a 385 * producer member zone, otherwise a consumer member zone. 386 * A catalog member zone is either a member zone of a catalog producer zone 387 * or a catalog consumer zone. They are mutually exclusive. 388 */ 389 struct catalog_member_zone { 390 struct zone_options options; 391 const struct dname* member_id; 392 /* node in the associated catalog consumer or producer zone */ 393 rbnode_type node; 394 } ATTR_PACKED; 395 396 typedef void (*new_member_id_type)(struct catalog_member_zone* zone); 397 398 union acl_addr_storage { 399 #ifdef INET6 400 struct in_addr addr; 401 struct in6_addr addr6; 402 #else 403 struct in_addr addr; 404 #endif 405 }; 406 407 /* 408 * Access control list element 409 */ 410 struct acl_options { 411 struct acl_options* next; 412 413 /* options */ 414 time_t ixfr_disabled; 415 int bad_xfr_count; 416 uint8_t use_axfr_only; 417 uint8_t allow_udp; 418 419 /* ip address range */ 420 const char* ip_address_spec; 421 uint8_t is_ipv6; 422 unsigned int port; /* is 0(no port) or suffix @port value */ 423 union acl_addr_storage addr; 424 union acl_addr_storage range_mask; 425 enum { 426 acl_range_single = 0, /* single address */ 427 acl_range_mask = 1, /* 10.20.30.40&255.255.255.0 */ 428 acl_range_subnet = 2, /* 10.20.30.40/28 */ 429 acl_range_minmax = 3 /* 10.20.30.40-10.20.30.60 (mask=max) */ 430 } rangetype; 431 432 /* key */ 433 uint8_t nokey; 434 uint8_t blocked; 435 const char* key_name; 436 struct key_options* key_options; 437 438 /* tls_auth for XoT */ 439 const char* tls_auth_name; 440 struct tls_auth_options* tls_auth_options; 441 } ATTR_PACKED; 442 443 /* 444 * Key definition 445 */ 446 struct key_options { 447 rbnode_type node; /* key of tree is name */ 448 char* name; 449 char* algorithm; 450 char* secret; 451 struct tsig_key* tsig_key; 452 } ATTR_PACKED; 453 454 /* 455 * TLS Auth definition for XoT 456 */ 457 struct tls_auth_options { 458 rbnode_type node; /* key of tree is name */ 459 char* name; 460 char* auth_domain_name; 461 char* client_cert; 462 char* client_key; 463 char* client_key_pw; 464 }; 465 466 /* proxy protocol port option list */ 467 struct proxy_protocol_port_list { 468 struct proxy_protocol_port_list* next; 469 int port; 470 }; 471 472 /** zone list free space */ 473 struct zonelist_free { 474 struct zonelist_free* next; 475 off_t off; 476 }; 477 /** zonelist free bucket for a particular line length */ 478 struct zonelist_bucket { 479 rbnode_type node; /* key is ptr to linesize */ 480 int linesize; 481 struct zonelist_free* list; 482 }; 483 484 /* default zonefile write interval if database is "", in seconds */ 485 #define ZONEFILES_WRITE_INTERVAL 3600 486 487 struct zonestatname { 488 rbnode_type node; /* key is malloced string with cooked zonestat name */ 489 unsigned id; /* index in nsd.zonestat array */ 490 }; 491 492 /* 493 * Used during options parsing 494 */ 495 struct config_parser_state { 496 char* filename; 497 const char* chroot; 498 int line; 499 int errors; 500 struct nsd_options* opt; 501 struct pattern_options *pattern; 502 struct zone_options *zone; 503 struct key_options *key; 504 struct tls_auth_options *tls_auth; 505 struct ip_address_option *ip; 506 void (*err)(void*,const char*); 507 void* err_arg; 508 }; 509 510 extern config_parser_state_type* cfg_parser; 511 512 /* region will be put in nsd_options struct. Returns empty options struct. */ 513 struct nsd_options* nsd_options_create(region_type* region); 514 /* the number of zones that are configured */ 515 static inline size_t nsd_options_num_zones(struct nsd_options* opt) 516 { return opt->zone_options->count; } 517 /* insert a zone into the main options tree, returns 0 on error */ 518 int nsd_options_insert_zone(struct nsd_options* opt, struct zone_options* zone); 519 /* insert a pattern into the main options tree, returns 0 on error */ 520 int nsd_options_insert_pattern(struct nsd_options* opt, 521 struct pattern_options* pat); 522 523 /* parses options file. Returns false on failure. callback, if nonNULL, 524 * gets called with error strings, default prints. */ 525 int parse_options_file(struct nsd_options* opt, const char* file, 526 void (*err)(void*,const char*), void* err_arg, 527 struct nsd_options* old_opts); 528 struct zone_options* zone_options_create(region_type* region); 529 void zone_options_delete(struct nsd_options* opt, struct zone_options* zone); 530 struct catalog_member_zone* catalog_member_zone_create(region_type* region); 531 static inline struct catalog_member_zone* as_catalog_member_zone(struct zone_options* zopt) 532 { return zopt && zopt->is_catalog_member_zone ? (struct catalog_member_zone*)zopt : NULL; } 533 /* find a zone by apex domain name, or NULL if not found. */ 534 struct zone_options* zone_options_find(struct nsd_options* opt, 535 const struct dname* apex); 536 struct pattern_options* pattern_options_create(region_type* region); 537 struct pattern_options* pattern_options_find(struct nsd_options* opt, const char* name); 538 int pattern_options_equal(struct pattern_options* p, struct pattern_options* q); 539 void pattern_options_remove(struct nsd_options* opt, const char* name); 540 void pattern_options_add_modify(struct nsd_options* opt, 541 struct pattern_options* p); 542 void pattern_options_marshal(struct buffer* buffer, struct pattern_options* p); 543 struct pattern_options* pattern_options_unmarshal(region_type* r, 544 struct buffer* b); 545 struct key_options* key_options_create(region_type* region); 546 void key_options_insert(struct nsd_options* opt, struct key_options* key); 547 struct key_options* key_options_find(struct nsd_options* opt, const char* name); 548 void key_options_remove(struct nsd_options* opt, const char* name); 549 int key_options_equal(struct key_options* p, struct key_options* q); 550 void key_options_add_modify(struct nsd_options* opt, struct key_options* key); 551 void key_options_setup(region_type* region, struct key_options* key); 552 void key_options_desetup(region_type* region, struct key_options* key); 553 /* TLS auth */ 554 struct tls_auth_options* tls_auth_options_create(region_type* region); 555 void tls_auth_options_insert(struct nsd_options* opt, struct tls_auth_options* auth); 556 struct tls_auth_options* tls_auth_options_find(struct nsd_options* opt, const char* name); 557 /* read in zone list file. Returns false on failure */ 558 int parse_zone_list_file(struct nsd_options* opt); 559 /* create (potential) catalog producer member entry and add to the zonelist */ 560 struct zone_options* zone_list_add_or_cat(struct nsd_options* opt, 561 const char* zname, const char* pname, new_member_id_type new_member_id); 562 /* create zone entry and add to the zonelist file */ 563 static inline struct zone_options* zone_list_add(struct nsd_options* opt, 564 const char* zname, const char* pname) 565 { return zone_list_add_or_cat(opt, zname, pname, NULL); } 566 /* create zonelist entry, do not insert in file (called by _add) */ 567 struct zone_options* zone_list_zone_insert(struct nsd_options* opt, 568 const char* nm, const char* patnm); 569 void zone_list_del(struct nsd_options* opt, struct zone_options* zone); 570 void zone_list_compact(struct nsd_options* opt); 571 void zone_list_close(struct nsd_options* opt); 572 573 /* create zonestat name tree , for initially created zones */ 574 void options_zonestatnames_create(struct nsd_options* opt); 575 /* Get zonestat id for zone options, add new entry if necessary. 576 * instantiates the pattern's zonestat string */ 577 unsigned getzonestatid(struct nsd_options* opt, struct zone_options* zopt); 578 /* create string, same options as zonefile but no chroot changes */ 579 const char* config_cook_string(struct zone_options* zone, const char* input); 580 581 /** check if config for remote control turns on IP-address interface 582 * with certificates or a named pipe without certificates. */ 583 int options_remote_is_address(struct nsd_options* cfg); 584 585 #if defined(HAVE_SSL) 586 /* tsig must be inited, adds all keys in options to tsig. */ 587 void key_options_tsig_add(struct nsd_options* opt); 588 #endif 589 590 /* check acl list, acl number that matches if passed(0..), 591 * or failure (-1) if dropped */ 592 /* the reason why (the acl) is returned too (or NULL) */ 593 int acl_check_incoming(struct acl_options* acl, struct query* q, 594 struct acl_options** reason); 595 int acl_addr_matches_host(struct acl_options* acl, struct acl_options* host); 596 int acl_addr_matches(struct acl_options* acl, struct query* q); 597 int acl_addr_matches_proxy(struct acl_options* acl, struct query* q); 598 #ifdef HAVE_SSL 599 int acl_tls_hostname_matches(SSL* ssl, const char* acl_cert_cn); 600 #endif 601 int acl_key_matches(struct acl_options* acl, struct query* q); 602 int acl_addr_match_mask(uint32_t* a, uint32_t* b, uint32_t* mask, size_t sz); 603 int acl_addr_match_range_v6(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz); 604 int acl_addr_match_range_v4(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz); 605 606 /* check acl list for blocks on address, return 0 if none, -1 if blocked. */ 607 int acl_check_incoming_block_proxy(struct acl_options* acl, struct query* q, 608 struct acl_options** reason); 609 610 /* returns true if acls are both from the same host */ 611 int acl_same_host(struct acl_options* a, struct acl_options* b); 612 /* find acl by number in the list */ 613 struct acl_options* acl_find_num(struct acl_options* acl, int num); 614 615 /* see if two acl lists are the same (same elements in same order, or empty) */ 616 int acl_list_equal(struct acl_options* p, struct acl_options* q); 617 /* see if two acl are the same */ 618 int acl_equal(struct acl_options* p, struct acl_options* q); 619 620 /* see if a zone is a slave or a master zone */ 621 int zone_is_slave(struct zone_options* opt); 622 /* see if a zone is a catalog consumer */ 623 static inline int zone_is_catalog_consumer(struct zone_options* opt) 624 { return opt && opt->pattern 625 && opt->pattern->catalog_role == CATALOG_ROLE_CONSUMER; } 626 static inline int zone_is_catalog_producer(struct zone_options* opt) 627 { return opt && opt->pattern 628 && opt->pattern->catalog_role == CATALOG_ROLE_PRODUCER; } 629 static inline int zone_is_catalog_member(struct zone_options* opt) 630 { return opt && opt->is_catalog_member_zone; } 631 static inline const char* zone_is_catalog_producer_member(struct zone_options* opt) 632 { return opt && opt->pattern && opt->pattern->catalog_producer_zone 633 ? opt->pattern->catalog_producer_zone : NULL; } 634 static inline int zone_is_catalog_consumer_member(struct zone_options* opt) 635 { return zone_is_catalog_member(opt) && !zone_is_catalog_producer_member(opt); } 636 /* create zonefile name, returns static pointer (perhaps to options data) */ 637 const char* config_make_zonefile(struct zone_options* zone, struct nsd* nsd); 638 639 #define ZONEC_PCT_TIME 5 /* seconds, then it starts to print pcts */ 640 #define ZONEC_PCT_COUNT 100000 /* elements before pct check is done */ 641 642 /* parsing helpers */ 643 void c_error(const char* msg, ...) ATTR_FORMAT(printf, 1,2); 644 int c_wrap(void); 645 struct acl_options* parse_acl_info(region_type* region, char* ip, 646 const char* key); 647 /* true if ipv6 address, false if ipv4 */ 648 int parse_acl_is_ipv6(const char* p); 649 /* returns range type. mask is the 2nd part of the range */ 650 int parse_acl_range_type(char* ip, char** mask); 651 /* parses subnet mask, fills 0 mask as well */ 652 void parse_acl_range_subnet(char* p, void* addr, int maxbits); 653 /* clean up options */ 654 void nsd_options_destroy(struct nsd_options* opt); 655 /* replace occurrences of one with two in buf, pass length of buffer */ 656 void replace_str(char* buf, size_t len, const char* one, const char* two); 657 /* apply pattern to the existing pattern in the parser */ 658 void config_apply_pattern(struct pattern_options *dest, const char* name); 659 /* if the file is a directory, print a warning, because flex just exit()s 660 * when a fileread fails because it is a directory, helps the user figure 661 * out what just happened */ 662 void warn_if_directory(const char* filetype, FILE* f, const char* fname); 663 /* resolve interface names in the options "ip-address:" (or "interface:") 664 * and "control-interface:" into the ip-addresses associated with those 665 * names. */ 666 void resolve_interface_names(struct nsd_options* options); 667 668 /* See if the sockaddr port number is listed in the proxy protocol ports. */ 669 int sockaddr_uses_proxy_protocol_port(struct nsd_options* options, 670 struct sockaddr* addr); 671 672 #endif /* OPTIONS_H */ 673
Indexes created Tue Feb 24 08:35:24 UTC 2026