2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be

matched in acls by omitting the scope. [RT #16599]

CHANGES

@@ -1,3 +1,6 @@
+2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
+			matched in acls by omitting the scope. [RT #16599]
+
 2153.	[bug]		nsupdate could leak memory. [RT #16691]
 
 2152.	[cleanup]	Use sizeof(buf) instead of fixed number in

doc/arm/Bv9ARM-book.xml

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.314 2007/02/06 04:00:21 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.315 2007/03/05 04:57:57 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 
@@ -2798,33 +2798,29 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
                   <varname>ip6_addr</varname>
                 </para>
               </entry>
-              <entry colname="2">
+	      <entry colname="2">
-                <para>
+		<para>
-                  An IPv6 address, such as <command>2001:db8::1234</command>.
+		  An IPv6 address, such as <command>2001:db8::1234</command>.
-                  IPv6 scoped addresses that have ambiguity on their scope
+		  IPv6 scoped addresses that have ambiguity on their
-                  zones must be
+		  scope zones must be disambiguated by an appropriate
-                  disambiguated by an appropriate zone ID with the percent
+		  zone ID with the percent character (`%') as
-                  character
+		  delimiter.  It is strongly recommended to use
-                  (`%') as delimiter.
+		  string zone names rather than numeric identifiers,
-                  It is strongly recommended to use string zone names rather
+		  in order to be robust against system configuration
-                  than
+		  changes.  However, since there is no standard
-                  numeric identifiers, in order to be robust against system
+		  mapping for such names and identifier values,
-                  configuration changes.
+		  currently only interface names as link identifiers
-                  However, since there is no standard mapping for such names
+		  are supported, assuming one-to-one mapping between
-                  and
+		  interfaces and links.  For example, a link-local
-                  identifier values, currently only interface names as link
+		  address <command>fe80::1</command> on the link
-                  identifiers
+		  attached to the interface <command>ne0</command>
-                  are supported, assuming one-to-one mapping between
+		  can be specified as <command>fe80::1%ne0</command>.
-                  interfaces and links.
+		  Note that on most systems link-local addresses
-                  For example, a link-local address <command>fe80::1</command> on the
+		  always have the ambiguity, and need to be
-                  link attached to the interface <command>ne0</command>
+		  disambiguated.
-                  can be specified as <command>fe80::1%ne0</command>.
+		</para>
-                  Note that on most systems link-local addresses always have
+	      </entry>
-                  the
+	    </row>
-                  ambiguity, and need to be disambiguated.
-                </para>
-              </entry>
-            </row>
             <row rowsep="0">
               <entry colname="1">
                 <para>
@@ -2874,6 +2870,11 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
                   netmask <command>255.0.0.0</command> and <command>1.2.3.0/28</command> is
                   network <command>1.2.3.0</command> with netmask <command>255.255.255.240</command>.
                 </para>
+                <para>
+		  When specifying a prefix involving a IPv6 scoped address
+		  the scope may be omitted.  In that case the prefix will
+		  match packets from any scope.
+                </para>
               </entry>
             </row>
             <row rowsep="0">

lib/isc/include/isc/netaddr.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: netaddr.h,v 1.32 2006/12/22 01:59:43 marka Exp $ */
+/* $Id: netaddr.h,v 1.33 2007/03/05 04:57:57 marka Exp $ */
 
 #ifndef ISC_NETADDR_H
 #define ISC_NETADDR_H 1
@@ -48,13 +48,18 @@ struct isc_netaddr {
 isc_boolean_t
 isc_netaddr_equal(const isc_netaddr_t *a, const isc_netaddr_t *b);
 
+/*%<
+ * Compare network addresses 'a' and 'b'.  Return #ISC_TRUE if
+ * they are equal, #ISC_FALSE if not.
+ */
+
 isc_boolean_t
 isc_netaddr_eqprefix(const isc_netaddr_t *a, const isc_netaddr_t *b,
 		     unsigned int prefixlen);
 /*%<
  * Compare the 'prefixlen' most significant bits of the network
- * addresses 'a' and 'b'.  Return #ISC_TRUE if they are equal,
+ * addresses 'a' and 'b'.  If 'b''s scope is zero then 'a''s scope is
- * #ISC_FALSE if not.
+ * ignored.  Return #ISC_TRUE if they are equal, #ISC_FALSE if not.
  */
 
 isc_result_t

lib/isc/include/isc/sockaddr.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sockaddr.h,v 1.52 2006/12/22 01:45:00 marka Exp $ */
+/* $Id: sockaddr.h,v 1.53 2007/03/05 04:57:57 marka Exp $ */
 
 #ifndef ISC_SOCKADDR_H
 #define ISC_SOCKADDR_H 1
@@ -84,6 +84,7 @@ isc_sockaddr_eqaddrprefix(const isc_sockaddr_t *a, const isc_sockaddr_t *b,
 /*%<
  * Return ISC_TRUE iff the most significant 'prefixlen' bits of the
  * socket addresses 'a' and 'b' are equal, ignoring the ports.
+ * If 'b''s scope is zero then 'a''s scope will be ignored.
  */
 
 unsigned int

lib/isc/netaddr.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: netaddr.c,v 1.35 2005/04/27 04:57:13 sra Exp $ */
+/* $Id: netaddr.c,v 1.36 2007/03/05 04:57:57 marka Exp $ */
 
 /*! \file */
 
@@ -79,7 +79,7 @@ isc_netaddr_eqprefix(const isc_netaddr_t *a, const isc_netaddr_t *b,
 	if (a->family != b->family)
 		return (ISC_FALSE);
 
-	if (a->zone != b->zone)
+	if (a->zone != b->zone && b->zone != 0)
 		return (ISC_FALSE);
 
 	switch (a->family) {