From: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
Date: Mon, 13 Jan 2025 10:33:24 +0000 (+0100)
Subject: - Fix #1213: Misleading error message on default access control causing
X-Git-Tag: release-1.23.0rc1~72
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=62a0e038016122acab06e4795ec35172479247eb;p=thirdparty%2Funbound.git

- Fix #1213: Misleading error message on default access control causing
  refuse.
---

diff --git a/daemon/acl_list.c b/daemon/acl_list.c
index 605851e4f..bce55ebcd 100644
--- a/daemon/acl_list.c
+++ b/daemon/acl_list.c
@@ -221,7 +221,9 @@ acl_interface_insert(struct acl_list* acl_interface,
 	struct sockaddr_storage* addr, socklen_t addrlen,
 	enum acl_access control)
 {
-	return acl_find_or_create(acl_interface, addr, addrlen, control);
+	struct acl_addr* node = acl_find_or_create(acl_interface, addr, addrlen, control);
+	node->is_inteface = 1;
+	return node;
 }
 
 /** apply acl_tag string */
@@ -805,7 +807,9 @@ log_acl_action(const char* action, struct sockaddr_storage* addr,
 		addr_to_str(&acladdr->node.addr, acladdr->node.addrlen,
 			n, sizeof(n));
 		verbose(VERB_ALGO, "%s query from %s port %d because of "
-			"%s/%d %s", action, a, (int)port, n, acladdr->node.net,
+			"%s/%d %s%s", action, a, (int)port, n,
+			acladdr->node.net,
+			acladdr->is_inteface?"(ACL on interface IP) ":"",
 			acl_access_to_str(acl));
 	} else {
 		verbose(VERB_ALGO, "%s query from %s port %d", action, a,
diff --git a/daemon/acl_list.h b/daemon/acl_list.h
index ee679eb6e..5c34280b6 100644
--- a/daemon/acl_list.h
+++ b/daemon/acl_list.h
@@ -107,6 +107,8 @@ struct acl_addr {
 	struct config_strlist** tag_datas;
 	/** size of the tag_datas array */
 	size_t tag_datas_size;
+	/* If the acl node is for an interface */
+	int is_inteface;
 	/* view element, NULL if none */
 	struct view* view;
 };
diff --git a/doc/Changelog b/doc/Changelog
index 7842da956..f55fb05ed 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+13 January 2025: Yorgos
+	- Fix #1213: Misleading error message on default access control causing
+	  refuse.
+
 10 January 2025: Yorgos
 	- Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS
 	  handshake.