
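--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1843,6 +1843,14 @@ to expose to third parties for IPv6. Defaults to 56.
 .B max\-client\-subnet\-ipv4: \fI<number>\fR
 Specifies the maximum prefix length of the client source address we are willing
 to expose to third parties for IPv4. Defaults to 24.
+.TP
+.B max\-ecs\-tree\-size\-ipv4: \fI<number>\fR
+Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
+This number applies for each qname/qclass/qtype tuple. Defaults to 100.
+.TP
+.B max\-ecs\-tree\-size\-ipv6: \fI<number>\fR
+Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
+This number applies for each qname/qclass/qtype tuple. Defaults to 100.
 .SS "Opportunistic IPsec Support Module Options"
 .LP
 The IPsec module must be configured in the \fBmodule\-config:\fR "ipsecmod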
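--- a/edns-subnet/subnetmod.c
+++ b/edns-subnet/subnetmod.c
@@ -56,8 +56,6 @@
 #include "util/data/msgreply.h"
 #include "sldns/sbuffer.h"
 
-#define ECS_MAX_TREESIZE 100
-
 /** externally called */
 void 
 subnet_data_delete(void *d, void *ATTR_UNUSED(arg))
@@ -291,13 +289,13 @@ get_tree(struct subnet_msg_cache_data *data, struct ecs_data *edns,
 		if (!data->tree4)
 			data->tree4 = addrtree_create(
 				cfg->max_client_subnet_ipv4, &delfunc,
-				&sizefunc, env, ECS_MAX_TREESIZE);
+				&sizefunc, env, cfg->max_ecs_tree_size_ipv4);
 		tree = data->tree4;
 	} else {
 		if (!data->tree6)
 			data->tree6 = addrtree_create(
 				cfg->max_client_subnet_ipv6, &delfunc,
-				&sizefunc, env, ECS_MAX_TREESIZE);
+				&sizefunc, env, cfg->max_ecs_tree_size_ipv6);
 		tree = data->tree6;
 	}
 	return tree;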
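Review bot: A limit of 0 can now reach both `addrtree_create()` calls in `get_tree()`, because the parser in util/configparser.y accepts `0` and also stores 0 for negative input, and nothing visible here says what the tree does with a zero node limit. The removed `ECS_MAX_TREESIZE` guaranteed a non-zero bound; with an operator-set value this argument is the only cap on how many ECS answers one cached qname/qclass/qtype tuple can hold, so it is the memory bound for this cache. I would either reject 0 when the config is loaded or state the meaning at the call, e.g. `/* node cap per cached message, from max-ecs-tree-size-ipv4; 0 = <behaviour to confirm> */`. `get_tree()` starts above the hunk, so any earlier validation of `cfg` is not visible.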
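--- a/util/config_file.c
+++ b/util/config_file.c
@@ -194,6 +194,8 @@ config_create(void)
 	cfg->client_subnet_always_forward = 0;
 	cfg->max_client_subnet_ipv4 = 24;
 	cfg->max_client_subnet_ipv6 = 56;
+	cfg->max_ecs_tree_size_ipv4 = 100;
+	cfg->max_ecs_tree_size_ipv6 = 100;
 #endif
 	cfg->views = NULL;
 	cfg->acls = NULL;
@@ -683,7 +685,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
 		 * ratelimit-for-domain, ratelimit-below-domain,
 		 * local-zone-tag, access-control-view,
 		 * send-client-subnet, client-subnet-always-forward,
-		 * max-client-subnet-ipv4, max-client-subnet-ipv6, ipsecmod_hook,
+		 * max-client-subnet-ipv4, max-client-subnet-ipv6,
+		 * max-ecs-tree-size-ipv4, max-ecs-tree-size-ipv6, ipsecmod_hook,
 		 * ipsecmod_whitelist. */
 		return 0;
 	}
@@ -981,6 +984,8 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_LST(opt, "client-subnet-zone", client_subnet_zone)
 	else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4)
 	else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6)
+	else O_DEC(opt, "max-ecs-tree-size-ipv4", max_ecs_tree_size_ipv4)
+	else O_DEC(opt, "max-ecs-tree-size-ipv6", max_ecs_tree_size_ipv6)
 	else O_YNO(opt, "client-subnet-always-forward:",
 		client_subnet_always_forward)
 #endif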
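--- a/util/config_file.h
+++ b/util/config_file.h
@@ -214,6 +214,9 @@ struct config_file {
 	/** Subnet length we are willing to give up privacy for */
 	uint8_t max_client_subnet_ipv4;
 	uint8_t max_client_subnet_ipv6;
+	/** Max number of nodes in the ECS radix tree */
+	uint32_t max_ecs_tree_size_ipv4;
+	uint32_t max_ecs_tree_size_ipv6;
 #endif
 	/** list of access control entries, linked list */
 	struct config_str2list* acls;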
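Review bot: The new field comment `/** Max number of nodes in the ECS radix tree */` leaves out the scope of the limit, which the man page text in this patch gives as per qname/qclass/qtype tuple, and subnetmod.c keeps separate `tree4` and `tree6` trees. I would write `/** Max number of nodes in each ECS radix tree; one tree per cached qname/qclass/qtype tuple and address family */` so a reader sizing the cache knows the total is this value multiplied by the number of cached tuples. `struct config_file` begins and ends outside the hunk.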
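--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@@ -331,6 +331,8 @@ client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD)
 client-subnet-opcode{COLON}	{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) }
 max-client-subnet-ipv4{COLON}	{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) }
 max-client-subnet-ipv6{COLON}	{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) }
+max-ecs-tree-size-ipv4{COLON}	{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) }
+max-ecs-tree-size-ipv6{COLON}	{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) }
 hide-identity{COLON}		{ YDVAR(1, VAR_HIDE_IDENTITY) }
 hide-version{COLON}		{ YDVAR(1, VAR_HIDE_VERSION) }
 hide-trustanchor{COLON}		{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) }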
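--- a/util/configparser.y
+++ b/util/configparser.y
@@ -135,6 +135,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ZONE
 %token VAR_CLIENT_SUBNET_ALWAYS_FORWARD VAR_CLIENT_SUBNET_OPCODE
 %token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6
+%token VAR_MAX_ECS_TREE_SIZE_IPV4 VAR_MAX_ECS_TREE_SIZE_IPV6
 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
 %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
 %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
@@ -237,6 +238,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_client_subnet_zone | server_client_subnet_always_forward |
 	server_client_subnet_opcode |
 	server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
+	server_max_ecs_tree_size_ipv4 | server_max_ecs_tree_size_ipv6 |
 	server_caps_whitelist | server_cache_max_negative_ttl |
 	server_permit_small_holddown | server_qname_minimisation |
 	server_ip_freebind | server_define_tag | server_local_zone_tag |
@@ -493,6 +495,36 @@ server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG
 		free($2);
 	}
 	;
+server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
+	{
+	#ifdef CLIENT_SUBNET
+		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
+		if(atoi($2) == 0 && strcmp($2, "0") != 0)
+			yyerror("IPv4 ECS tree size expected");
+		else if (atoi($2) < 0)
+			cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0;
+		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi($2);
+	#else
+		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
+	#endif
+		free($2);
+	}
+	;
+server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG
+	{
+	#ifdef CLIENT_SUBNET
+		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", $2));
+		if(atoi($2) == 0 && strcmp($2, "0") != 0)
+			yyerror("IPv6 ECS tree size expected");
+		else if (atoi($2) < 0)
+			cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0;
+		else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi($2);
+	#else
+		OUTYY(("P(Compiled without edns subnet option, ignoring)\n"));
+	#endif
+		free($2);
+	}
+	;
 server_interface: VAR_INTERFACE STRING_ARG
 	{
 		OUTYY(("P(server_interface:%s)\n", $2));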
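Review bot: Both new grammar actions parse the value with `atoi($2)`, which cannot report errors: trailing garbage such as `100x` is accepted as 100, an out-of-range number has undefined behaviour, and a negative value is silently stored as 0 instead of being rejected. Because this number is the cap on cached ECS answers per qname/qclass/qtype tuple, a mistyped limit should fail config parsing rather than quietly become a different bound. I would parse once with `strtol`, check the end pointer and `errno`, and reject anything outside the `uint32_t` range, as sketched below for the IPv4 action; the `server_max_ecs_tree_size_ipv6` action needs the same rewrite. This turns the negative-to-0 clamp into a parse error and assumes `errno` is declared in the parser prologue, which the page does not show.

```yacc
server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG
	{
	#ifdef CLIENT_SUBNET
		char* end = NULL;
		long v;
		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", $2));
		errno = 0;
		v = strtol($2, &end, 10);
		if(end == $2 || *end != '\0' || errno == ERANGE ||
			v < 0 || (unsigned long)v > 0xffffffffUL)
			yyerror("IPv4 ECS tree size expected");
		else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)v;
	/* … unchanged: #else branch, #endif and free($2) … */
```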
