From 7ef557023fcebc709bcc2e5db6be38981a69f792 Mon Sep 17 00:00:00 2001 From: Shawn Routhier Date: Thu, 16 Jul 2015 11:13:39 -0700 Subject: [PATCH] [master] Relax restriction on prefix pools being within the subnet --- RELNOTES | 6 ++++++ server/confpars.c | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/RELNOTES b/RELNOTES index 3db92141..464595a2 100644 --- a/RELNOTES +++ b/RELNOTES @@ -167,6 +167,12 @@ by Eric Young (eay@cryptsoft.com). Thanks to Jiri Popelka at Red Hat for the patch. [ISC-Bugs #36978] +- Relax the requirement that prefix pools must be within the subnet. + This was added in as part of #32453 in order to avoid configuration + mistakes but is being removed as prefixes aren't required to be + within the same subnet and many people configure them in that fashion. + [ISC-Bugs #40077] + Changes since 4.3.2rc2 - None diff --git a/server/confpars.c b/server/confpars.c index d5534549..4b2907d4 100644 --- a/server/confpars.c +++ b/server/confpars.c @@ -4169,6 +4169,12 @@ parse_prefix6(struct parse *cfile, return; } +#if 0 + /* Prefixes are not required to be within the subnet, but I'm not + * entirely sure that we won't want to revive this code as a warning + * in the future so I'm ifdeffing it + */ + /* Make sure starting prefix is within the subnet */ if (!addr_eq(group->subnet->net, subnet_number(lo, group->subnet->netmask))) { @@ -4177,11 +4183,18 @@ parse_prefix6(struct parse *cfile, skip_to_semi(cfile); return; } +#endif if (!parse_ip6_addr(cfile, &hi)) { return; } +#if 0 + /* Prefixes are not required to be within the subnet, but I'm not + * entirely sure that we won't want to revive this code as a warning + * in the future so I'm ifdeffing it + */ + /* Make sure ending prefix is within the subnet */ if (!addr_eq(group->subnet->net, subnet_number(hi, group->subnet->netmask))) { @@ -4190,6 +4203,7 @@ parse_prefix6(struct parse *cfile, skip_to_semi(cfile); return; } +#endif /* * Next is '/' number ';'. 
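Review bot: With the start-of-range check placed under `#if 0` in the hunk at -4169, and the end-of-range and mask-length checks disabled the same way in the hunks at -4177 and -4213, nothing visible in these hunks still relates a prefix6 range to its enclosing subnet, so a mistyped range would be accepted without any message. The RELNOTES entry says the check was originally added to catch configuration mistakes, and a non-fatal notice would keep that safety net while still allowing out-of-subnet pools. For example, `if (!addr_eq(group->subnet->net, subnet_number(lo, group->subnet->netmask))) log_info("prefix6 range start is outside the enclosing subnet");`, assuming log_info does not mark the parse as failed the way parse_warn may. parse_prefix6 begins and ends outside the hunk, so whether a later stage validates the range cannot be seen here.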
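Review bot: The `#if 0` comment added in the hunk at -4177 is a verbatim copy of the one at -4169 and is repeated again at -4213, and it records neither the bug number nor which check each block disables. Code that is never compiled also stops being checked against later changes to `group->subnet`, `addr_eq` or `subnet_number`, so it may not build when someone revives it. I would replace the first-person text with a comment that names the change and the condition, for example `/* Disabled for ISC-Bugs #40077: the ending prefix may lie outside the subnet. Kept for possible reuse as a warning. */`, and use the matching wording for the starting-prefix block.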
@@ -4213,11 +4227,20 @@ parse_prefix6(struct parse *cfile, parse_warn(cfile, "networks have 0 to 128 bits (exclusive)"); return; } + +#if 0 + /* Prefixes are not required to be within the subnet, but I'm not + * entirely sure that we won't want to revive this code as a warning + * in the future so I'm ifdeffing it + */ + if (bits < group->subnet->prefix_len) { parse_warn(cfile, "network mask smaller than subnet mask"); skip_to_semi(cfile); return; } +#endif + if (!is_cidr_mask_valid(&lo, bits) || !is_cidr_mask_valid(&hi, bits)) { parse_warn(cfile, "network mask too short");
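Review bot: The comment copied above `if (bits < group->subnet->prefix_len)` says prefixes need not be within the subnet, but the check it disables compares the pool's prefix length with the subnet's prefix length, which is a different condition. A comment specific to this block would tell a later maintainer why it was turned off, for example `/* Disabled for ISC-Bugs #40077: with pools allowed outside the subnet, the subnet's prefix length no longer bounds the pool's. */`. With the block compiled out, the only length validation left in this hunk is the "0 to 128 bits" test and the two is_cidr_mask_valid calls. parse_prefix6 continues past the end of the hunk.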