788. [feature] Add the "match-mapped-addresses" options, which

causes IPv6 v4mapped addresses to be treated as IPv4 addresses for the purpose of acl matching.
2025-08-31 06:25:31 +00:00 · 2001-03-26 21:33:07 +00:00
parent 0a10d7722e
commit 6eccf5bd07
14 changed files with 87 additions and 18 deletions
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: acl.c,v 1.21 2001/02/08 23:30:31 gson Exp $ */
+/* $Id: acl.c,v 1.22 2001/03/26 21:32:57 bwelling Exp $ */

 #include <config.h>

@@ -157,12 +157,24 @@ dns_aclelement_match(isc_netaddr_t *reqaddr,
 		     dns_aclelement_t **matchelt)
 {
 	dns_acl_t *inner = NULL;
+	isc_netaddr_t *addr;
+	isc_netaddr_t v4addr;
 	int indirectmatch;
 	isc_result_t result;

 	switch (e->type) {
 	case dns_aclelementtype_ipprefix:
-		if (isc_netaddr_eqprefix(reqaddr,
+		if (env == NULL ||
+		    env->match_mapped == ISC_FALSE ||
+		    reqaddr->family != AF_INET6 ||
+		    !IN6_IS_ADDR_V4MAPPED(&reqaddr->type.in6))
+			addr = reqaddr;
+		else {
+			isc_netaddr_fromv4mapped(&v4addr, reqaddr);
+			addr = &v4addr;
+		}
+
+		if (isc_netaddr_eqprefix(addr,
 					 &e->u.ip_prefix.address, 
 					 e->u.ip_prefix.prefixlen))
 			goto matched;
@@ -389,6 +401,7 @@ dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) {
 	result = dns_acl_create(mctx, 0, &env->localnets);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_localhost;
+	env->match_mapped = ISC_FALSE;
 	return (ISC_R_SUCCESS);

 cleanup_localhost:
@@ -403,6 +416,7 @@ dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s) {
 	dns_acl_attach(s->localhost, &t->localhost);
 	dns_acl_detach(&t->localnets);
 	dns_acl_attach(s->localnets, &t->localnets);
+	t->match_mapped = s->match_mapped;
 }

 void