mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity

libdns refactoring: get rid of multiple versions of dns_keytable_add, dns_iptable_addprefix and dns_iptable_addprefix

Browse Source
This commit is contained in:
Witold Kręcicki 2018-04-05 16:23:56 +02:00
parent c8aa1ee9e6
commit 102a397e39
16 changed files with 73 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
bin/named/server.c
View File

@ -869,8 +869,8 @@ load_view_keys(const cfg_obj_t *keys, const cfg_obj_t *vconfig,
* initializing key; that's why 'managed'
* is duplicated below.
*/
CHECK(dns_keytable_add2(secroots, managed,
managed, &dstkey));
CHECK(dns_keytable_add(secroots, managed,
managed, &dstkey));
}
}
@ -3615,8 +3615,8 @@ create_mapped_acl(void) {
if (result != ISC_R_SUCCESS)
return (result);
result = dns_iptable_addprefix2(acl->iptable, &addr, 96,
ISC_TRUE, ISC_FALSE);
result = dns_iptable_addprefix(acl->iptable, &addr, 96,
ISC_TRUE, ISC_FALSE);
if (result == ISC_R_SUCCESS)
dns_acl_attach(acl, &named_g_mapped);
dns_acl_detach(&acl);
@ -5254,7 +5254,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
* empty zone for it.
*/
result = dns_fwdtable_find(view->fwdtable, name,
&dnsforwarders);
NULL, &dnsforwarders);
if (result == ISC_R_SUCCESS &&
dnsforwarders->fwdpolicy == dns_fwdpolicy_only)
continue;
@ -6267,8 +6267,8 @@ add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr,
if (result != ISC_R_SUCCESS)
return (result);
result = dns_iptable_addprefix(src_acl->iptable,
&netaddr, 128, ISC_TRUE);
result = dns_iptable_addprefix(src_acl->iptable, &netaddr,
128, ISC_TRUE, ISC_FALSE);
if (result != ISC_R_SUCCESS)
goto clean;

3
lib/dns/acl.c
View File

@ -100,7 +100,8 @@ dns_acl_anyornone(isc_mem_t *mctx, isc_boolean_t neg, dns_acl_t **target) {
if (result != ISC_R_SUCCESS)
return (result);
result = dns_iptable_addprefix(acl->iptable, NULL, 0, ISC_TF(!neg));
result = dns_iptable_addprefix(acl->iptable, NULL, 0, ISC_TF(!neg),
ISC_FALSE);
if (result != ISC_R_SUCCESS) {
dns_acl_detach(&acl);
return (result);

2
lib/dns/client.c
View File

@ -1540,7 +1540,7 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_keytable_add2(secroots, ISC_FALSE, ISC_FALSE, &dstkey);
result = dns_keytable_add(secroots, ISC_FALSE, ISC_FALSE, &dstkey);
cleanup:
if (dstkey != NULL)

9
lib/dns/forward.c
View File

@ -192,14 +192,7 @@ dns_fwdtable_delete(dns_fwdtable_t *fwdtable, const dns_name_t *name) {
isc_result_t
dns_fwdtable_find(dns_fwdtable_t *fwdtable, const dns_name_t *name,
dns_forwarders_t **forwardersp)
{
return (dns_fwdtable_find2(fwdtable, name, NULL, forwardersp));
}
isc_result_t
dns_fwdtable_find2(dns_fwdtable_t *fwdtable, const dns_name_t *name,
dns_name_t *foundname, dns_forwarders_t **forwardersp)
dns_name_t *foundname, dns_forwarders_t **forwardersp)
{
isc_result_t result;

19
lib/dns/include/dns/forward.h
View File

@ -89,24 +89,7 @@ dns_fwdtable_delete(dns_fwdtable_t *fwdtable, const dns_name_t *name);
isc_result_t
dns_fwdtable_find(dns_fwdtable_t *fwdtable, const dns_name_t *name,
dns_forwarders_t **forwardersp);
/*%<
* Finds a domain in the forwarding table. The closest matching parent
* domain is returned.
*
* Requires:
* \li fwdtable is a valid forwarding table.
* \li name is a valid name
* \li forwardersp != NULL && *forwardersp == NULL
*
* Returns:
* \li #ISC_R_SUCCESS
* \li #ISC_R_NOTFOUND
*/
isc_result_t
dns_fwdtable_find2(dns_fwdtable_t *fwdtable, const dns_name_t *name,
dns_name_t *foundname, dns_forwarders_t **forwardersp);
dns_name_t *foundname, dns_forwarders_t **forwardersp);
/*%<
* Finds a domain in the forwarding table. The closest matching parent
* domain is returned.

7
lib/dns/include/dns/iptable.h
View File

@ -45,11 +45,8 @@ dns_iptable_create(isc_mem_t *mctx, dns_iptable_t **target);
isc_result_t
dns_iptable_addprefix(dns_iptable_t *tab, const isc_netaddr_t *addr,
isc_uint16_t bitlen, isc_boolean_t pos);
isc_result_t
dns_iptable_addprefix2(dns_iptable_t *tab, const isc_netaddr_t *addr,
isc_uint16_t bitlen, isc_boolean_t pos,
isc_boolean_t is_ecs);
isc_uint16_t bitlen, isc_boolean_t pos,
isc_boolean_t is_ecs);
/*
* Add an IP prefix to an existing IP table
*/

3
lib/dns/include/dns/keytable.h
View File

@ -105,9 +105,6 @@ dns_keytable_detach(dns_keytable_t **keytablep);
isc_result_t
dns_keytable_add(dns_keytable_t *keytable, isc_boolean_t managed,
dst_key_t **keyp) ISC_DEPRECATED;
isc_result_t
dns_keytable_add2(dns_keytable_t *keytable, isc_boolean_t managed,
isc_boolean_t initial, dst_key_t **keyp);
/*%<
* Add '*keyp' to 'keytable' (using the name in '*keyp').

11
lib/dns/iptable.c
View File

@ -56,15 +56,8 @@ static isc_boolean_t dns_iptable_pos = ISC_TRUE;
*/
isc_result_t
dns_iptable_addprefix(dns_iptable_t *tab, const isc_netaddr_t *addr,
isc_uint16_t bitlen, isc_boolean_t pos)
{
return(dns_iptable_addprefix2(tab, addr, bitlen, pos, ISC_FALSE));
}
isc_result_t
dns_iptable_addprefix2(dns_iptable_t *tab, const isc_netaddr_t *addr,
isc_uint16_t bitlen, isc_boolean_t pos,
isc_boolean_t is_ecs)
isc_uint16_t bitlen, isc_boolean_t pos,
isc_boolean_t is_ecs)
{
isc_result_t result;
isc_prefix_t pfx;

9
lib/dns/keytable.c
View File

@ -308,14 +308,7 @@ insert(dns_keytable_t *keytable, isc_boolean_t managed, isc_boolean_t initial,
isc_result_t
dns_keytable_add(dns_keytable_t *keytable, isc_boolean_t managed,
dst_key_t **keyp)
{
return (dns_keytable_add2(keytable, managed, ISC_FALSE, keyp));
}
isc_result_t
dns_keytable_add2(dns_keytable_t *keytable, isc_boolean_t managed,
isc_boolean_t initial, dst_key_t **keyp)
isc_boolean_t initial, dst_key_t **keyp)
{
REQUIRE(keyp != NULL && *keyp != NULL);
REQUIRE(!initial || managed);

8
lib/dns/resolver.c
View File

@ -3521,8 +3521,8 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) {
dns_fixedname_init(&fixed);
domain = dns_fixedname_name(&fixed);
result = dns_fwdtable_find2(res->view->fwdtable, name,
domain, &forwarders);
result = dns_fwdtable_find(res->view->fwdtable, name,
domain, &forwarders);
if (result == ISC_R_SUCCESS) {
fwd = ISC_LIST_HEAD(forwarders->fwdrs);
fctx->fwdpolicy = forwarders->fwdpolicy;
@ -4602,8 +4602,8 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type,
/* Find the forwarder for this name. */
dns_fixedname_init(&fixed);
fname = dns_fixedname_name(&fixed);
result = dns_fwdtable_find2(fctx->res->view->fwdtable, fwdname,
fname, &forwarders);
result = dns_fwdtable_find(fctx->res->view->fwdtable, fwdname,
fname, &forwarders);
if (result == ISC_R_SUCCESS)
fctx->fwdpolicy = forwarders->fwdpolicy;

56
lib/dns/tests/acl_test.c
View File

@ -138,13 +138,13 @@ ATF_TC_BODY(dns_acl_isinsecure, tc) {
inaddr.s_addr = htonl(0x0a000000); /* 10.0.0.0 */
isc_netaddr_fromin(&addr, &inaddr);
result = dns_iptable_addprefix2(pos4pos6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].first);
result = dns_iptable_addprefix(pos4pos6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
addr.family = AF_INET6; /* 0a00:: */
result = dns_iptable_addprefix2(pos4pos6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].second);
result = dns_iptable_addprefix(pos4pos6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].second);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notpos4pos6, pos4pos6, ISC_FALSE);
@ -152,13 +152,13 @@ ATF_TC_BODY(dns_acl_isinsecure, tc) {
inaddr.s_addr = htonl(0x0a000000); /* !10.0.0.0/8 */
isc_netaddr_fromin(&addr, &inaddr);
result = dns_iptable_addprefix2(neg4pos6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].first);
result = dns_iptable_addprefix(neg4pos6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
addr.family = AF_INET6; /* 0a00::/8 */
result = dns_iptable_addprefix2(neg4pos6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].second);
result = dns_iptable_addprefix(neg4pos6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].second);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notneg4pos6, neg4pos6, ISC_FALSE);
@ -166,13 +166,13 @@ ATF_TC_BODY(dns_acl_isinsecure, tc) {
inaddr.s_addr = htonl(0x0a000000); /* 10.0.0.0/8 */
isc_netaddr_fromin(&addr, &inaddr);
result = dns_iptable_addprefix2(pos4neg6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].first);
result = dns_iptable_addprefix(pos4neg6->iptable, &addr, 8,
ISC_TRUE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
addr.family = AF_INET6; /* !0a00::/8 */
result = dns_iptable_addprefix2(pos4neg6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].second);
result = dns_iptable_addprefix(pos4neg6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].second);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notpos4neg6, pos4neg6, ISC_FALSE);
@ -180,13 +180,13 @@ ATF_TC_BODY(dns_acl_isinsecure, tc) {
inaddr.s_addr = htonl(0x0a000000); /* !10.0.0.0/8 */
isc_netaddr_fromin(&addr, &inaddr);
result = dns_iptable_addprefix2(neg4neg6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].first);
result = dns_iptable_addprefix(neg4neg6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
addr.family = AF_INET6; /* !0a00::/8 */
result = dns_iptable_addprefix2(neg4neg6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].second);
result = dns_iptable_addprefix(neg4neg6->iptable, &addr, 8,
ISC_FALSE, ecs[pass].second);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notneg4neg6, neg4neg6, ISC_FALSE);
@ -224,16 +224,16 @@ ATF_TC_BODY(dns_acl_isinsecure, tc) {
inaddr.s_addr = htonl(0x7f000001); /* 127.0.0.1 */
isc_netaddr_fromin(&addr, &inaddr);
result = dns_iptable_addprefix2(loop4->iptable, &addr, 32,
ISC_TRUE, ecs[pass].first);
result = dns_iptable_addprefix(loop4->iptable, &addr, 32,
ISC_TRUE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notloop4, loop4, ISC_FALSE);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_netaddr_fromin6(&addr, &in6addr_loopback); /* ::1 */
result = dns_iptable_addprefix2(loop6->iptable, &addr, 128,
ISC_TRUE, ecs[pass].first);
result = dns_iptable_addprefix(loop6->iptable, &addr, 128,
ISC_TRUE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notloop6, loop6, ISC_FALSE);
@ -270,13 +270,13 @@ ATF_TC_BODY(dns_acl_isinsecure, tc) {
inaddr.s_addr = htonl(0x7f000001); /* 127.0.0.1 */
isc_netaddr_fromin(&addr, &inaddr);
result = dns_iptable_addprefix2(loop4pos6->iptable, &addr, 32,
ISC_TRUE, ecs[pass].first);
result = dns_iptable_addprefix(loop4pos6->iptable, &addr, 32,
ISC_TRUE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
addr.family = AF_INET6; /* f700:0001::/32 */
result = dns_iptable_addprefix2(loop4pos6->iptable, &addr, 32,
ISC_TRUE, ecs[pass].second);
result = dns_iptable_addprefix(loop4pos6->iptable, &addr, 32,
ISC_TRUE, ecs[pass].second);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notloop4pos6, loop4pos6, ISC_FALSE);
@ -284,13 +284,13 @@ ATF_TC_BODY(dns_acl_isinsecure, tc) {
inaddr.s_addr = htonl(0x7f000001); /* 127.0.0.1 */
isc_netaddr_fromin(&addr, &inaddr);
result = dns_iptable_addprefix2(loop4neg6->iptable, &addr, 32,
ISC_TRUE, ecs[pass].first);
result = dns_iptable_addprefix(loop4neg6->iptable, &addr, 32,
ISC_TRUE, ecs[pass].first);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
addr.family = AF_INET6; /* !f700:0001::/32 */
result = dns_iptable_addprefix2(loop4neg6->iptable, &addr, 32,
ISC_FALSE, ecs[pass].second);
result = dns_iptable_addprefix(loop4neg6->iptable, &addr, 32,
ISC_FALSE, ecs[pass].second);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_acl_merge(notloop4neg6, loop4neg6, ISC_FALSE);

22
lib/dns/tests/keytable_test.c
View File

@ -129,12 +129,12 @@ create_tables() {
/* Add a normal key */
create_key(257, 3, 5, "example.com", keystr1, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_FALSE, ISC_FALSE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_FALSE, ISC_FALSE, &key),
ISC_R_SUCCESS);
/* Add an initializing managed key */
create_key(257, 3, 5, "managed.com", keystr1, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_TRUE, ISC_TRUE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_TRUE, ISC_TRUE, &key),
ISC_R_SUCCESS);
/* Add a null key */
@ -193,7 +193,7 @@ ATF_TC_BODY(add, tc) {
* nextkeynode() should still return NOTFOUND.
*/
create_key(257, 3, 5, "example.com", keystr1, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_FALSE, ISC_FALSE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_FALSE, ISC_FALSE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_nextkeynode(keytable, keynode,
&next_keynode), ISC_R_NOTFOUND);
@ -201,7 +201,7 @@ ATF_TC_BODY(add, tc) {
/* Add another key (different keydata) */
dns_keytable_detachkeynode(keytable, &keynode);
create_key(257, 3, 5, "example.com", keystr2, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_FALSE, ISC_FALSE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_FALSE, ISC_FALSE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("example.com"),
&keynode), ISC_R_SUCCESS);
@ -231,7 +231,7 @@ ATF_TC_BODY(add, tc) {
* ISC_R_NOTFOUND and that the added key is an initializing key.
*/
create_key(257, 3, 5, "managed.com", keystr2, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_TRUE, ISC_TRUE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_TRUE, ISC_TRUE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("managed.com"),
&keynode), ISC_R_SUCCESS);
@ -248,7 +248,7 @@ ATF_TC_BODY(add, tc) {
* nodes for managed.com, both containing non-initializing keys.
*/
create_key(257, 3, 5, "managed.com", keystr2, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_TRUE, ISC_FALSE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_TRUE, ISC_FALSE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("managed.com"),
&keynode), ISC_R_SUCCESS);
@ -269,7 +269,7 @@ ATF_TC_BODY(add, tc) {
* that the added key is an initializing key.
*/
create_key(257, 3, 5, "two.com", keystr1, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_TRUE, ISC_TRUE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_TRUE, ISC_TRUE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("two.com"),
&keynode), ISC_R_SUCCESS);
@ -284,7 +284,7 @@ ATF_TC_BODY(add, tc) {
* ISC_R_NOTFOUND and that the added key is not an initializing key.
*/
create_key(257, 3, 5, "two.com", keystr2, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_TRUE, ISC_FALSE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_TRUE, ISC_FALSE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("two.com"),
&keynode), ISC_R_SUCCESS);
@ -301,7 +301,7 @@ ATF_TC_BODY(add, tc) {
* nodes for two.com, both containing non-initializing keys.
*/
create_key(257, 3, 5, "two.com", keystr1, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_TRUE, ISC_FALSE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_TRUE, ISC_FALSE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("two.com"),
&keynode), ISC_R_SUCCESS);
@ -323,7 +323,7 @@ ATF_TC_BODY(add, tc) {
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("null.example"),
&null_keynode), ISC_R_SUCCESS);
create_key(257, 3, 5, "null.example", keystr2, &key);
ATF_REQUIRE_EQ(dns_keytable_add2(keytable, ISC_FALSE, ISC_FALSE, &key),
ATF_REQUIRE_EQ(dns_keytable_add(keytable, ISC_FALSE, ISC_FALSE, &key),
ISC_R_SUCCESS);
ATF_REQUIRE_EQ(dns_keytable_find(keytable, str2name("null.example"),
&keynode), ISC_R_SUCCESS);
@ -629,7 +629,7 @@ ATF_TC_BODY(nta, tc) {
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
create_key(257, 3, 5, "example", keystr1, &key);
result = dns_keytable_add2(keytable, ISC_FALSE, ISC_FALSE, &key);
result = dns_keytable_add(keytable, ISC_FALSE, ISC_FALSE, &key);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_stdtime_get(&now);

3
lib/dns/win32/libdns.def.in
View File

@ -372,7 +372,6 @@ dns_fwdtable_create
dns_fwdtable_delete
dns_fwdtable_destroy
dns_fwdtable_find
dns_fwdtable_find2
dns_generalstats_create
dns_generalstats_dump
dns_generalstats_increment
@ -386,7 +385,6 @@ dns_ipkeylist_copy
dns_ipkeylist_init
dns_ipkeylist_resize
dns_iptable_addprefix
dns_iptable_addprefix2
dns_iptable_attach
dns_iptable_create
dns_iptable_detach
@ -422,7 +420,6 @@ dns_keynode_managed
dns_keynode_trust
dns_keyring_restore
dns_keytable_add
dns_keytable_add2
dns_keytable_attach
dns_keytable_attachkeynode
dns_keytable_create

2
lib/dns/zone.c
View File

@ -3877,7 +3877,7 @@ trust_key(dns_zone_t *zone, dns_name_t *keyname,
goto failure;
CHECK(dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &dstkey));
CHECK(dns_keytable_add2(sr, ISC_TRUE, initial, &dstkey));
CHECK(dns_keytable_add(sr, ISC_TRUE, initial, &dstkey));
dns_keytable_detach(&sr);
failure:

15
lib/isccfg/aclconf.c
View File

@ -632,6 +632,7 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
const cfg_listelt_t *elt;
dns_iptable_t *iptab;
int new_nest_level = 0;
isc_boolean_t setpos;
if (nest_level != 0)
new_nest_level = nest_level - 1;
@ -710,7 +711,7 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
/* Network prefix */
isc_netaddr_t addr;
unsigned int bitlen;
isc_boolean_t setpos, setecs;
isc_boolean_t setecs;
cfg_obj_asnetprefix(ce, &addr, &bitlen);
if (family != 0 && family != addr.family) {
@ -739,8 +740,8 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
*/
setpos = ISC_TF(nest_level != 0 || !neg);
setecs = cfg_obj_istype(ce, &cfg_type_ecsprefix);
result = dns_iptable_addprefix2(iptab, &addr, bitlen,
setpos, setecs);
result = dns_iptable_addprefix(iptab, &addr, bitlen,
setpos, setecs);
if (result != ISC_R_SUCCESS)
goto cleanup;
@ -812,8 +813,10 @@ nested_acl:
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "any") == 0) {
/* Iptable entry with zero bit length. */
setpos = ISC_TF(nest_level != 0 || !neg);
result = dns_iptable_addprefix(iptab, NULL, 0,
ISC_TF(nest_level != 0 || !neg));
setpos,
ISC_FALSE);
if (result != ISC_R_SUCCESS)
goto cleanup;
@ -831,8 +834,10 @@ nested_acl:
* de->negative to true so we can handle
* "!none;".
*/
setpos = ISC_TF(nest_level != 0 || neg);
result = dns_iptable_addprefix(iptab, NULL, 0,
ISC_TF(nest_level != 0 || neg));
setpos,
ISC_FALSE);
if (result != ISC_R_SUCCESS)
goto cleanup;

4
lib/ns/interfacemgr.c
View File

@ -760,7 +760,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
/* First add localhost address */
prefixlen = (netaddr->family == AF_INET) ? 32 : 128;
result = dns_iptable_addprefix(mgr->aclenv.localhost->iptable,
netaddr, prefixlen, ISC_TRUE);
netaddr, prefixlen, ISC_TRUE, ISC_FALSE);
if (result != ISC_R_SUCCESS)
return (result);
@ -790,7 +790,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
}
result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable,
netaddr, prefixlen, ISC_TRUE);
netaddr, prefixlen, ISC_TRUE, ISC_FALSE);
if (result != ISC_R_SUCCESS)
return (result);