mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

More explicit dns64 prefix errors

Browse Source 
Quote the dns64 prefix in error messages that complain about
problems with it, to avoid confusion with the following ACLs.

Closes #3210
This commit is contained in:
Tony Finch
2022-03-16 17:33:10 +00:00
committed by Ondřej Surý
parent 96e9f59637
commit 496c02d32a
1 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/bind9/check.c
View File

@@ -544,7 +544,14 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
return (result);
}
static const unsigned char zeros[16];
static void
dns64_error(const cfg_obj_t *obj, isc_log_t *logctx, isc_netaddr_t *netaddr,
unsigned int prefixlen, const char *message) {
char buf[ISC_NETADDR_FORMATSIZE + 1];
isc_netaddr_format(netaddr, buf, sizeof(buf));
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "dns64 prefix %s/%u %s", buf,
prefixlen, message);
}
static isc_result_t
check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
@@ -583,16 +590,15 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
cfg_obj_asnetprefix(obj, &na, &prefixlen);
if (na.family != AF_INET6) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
"dns64 requires a IPv6 prefix");
dns64_error(map, logctx, &na, prefixlen,
"must be IPv6");
result = ISC_R_FAILURE;
continue;
}
if (na.type.in6.s6_addr[8] != 0) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
"invalid prefix, bits [64..71] must be "
"zero");
dns64_error(map, logctx, &na, prefixlen,
"bits [64..71] must be zero");
result = ISC_R_FAILURE;
continue;
}
@@ -600,9 +606,8 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
if (prefixlen != 32 && prefixlen != 40 && prefixlen != 48 &&
prefixlen != 56 && prefixlen != 64 && prefixlen != 96)
{
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
"bad prefix length %u [32/40/48/56/64/96]",
prefixlen);
dns64_error(map, logctx, &na, prefixlen,
"length is not 32/40/48/56/64/96");
result = ISC_R_FAILURE;
continue;
}
@@ -629,6 +634,7 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
obj = NULL;
(void)cfg_map_get(map, "suffix", &obj);
if (obj != NULL) {
static const unsigned char zeros[16];
isc_netaddr_fromsockaddr(&sa, cfg_obj_assockaddr(obj));
if (sa.family != AF_INET6) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,