- Fix #1407: Add ECS options check to unbound-checkconf.

git-svn-id: file:///svn/unbound/trunk@4307 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 140408c171820019ae1b81ab380078dbee8c3288..809aa05363f13dc6c43df1ef904ee60f5abc6b7e 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+23 August 2017: Wouter
+       - Fix #1407: Add ECS options check to unbound-checkconf.
+
 22 August 2017: Wouter
        - Fix install of trust anchor when two anchors are present, makes both
          valid. Checks hash of DS but not signature of new key. This fixes

diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c
index 2088a8c61cae7986fdf0d6a1c436756543a72986..849bb96ef9e1184d765482dbfe79fb9ff709db8e 100644 (file)
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@@ -71,6 +71,9 @@
 #ifdef WITH_PYTHONMODULE
 #include "pythonmod/pythonmod.h"
 #endif
+#ifdef CLIENT_SUBNET
+#include "edns-subnet/subnet-whitelist.h"
+#endif
 
 /** Give checkconf usage, and exit (1). */
 static void
@@ -345,6 +348,20 @@ check_chroot_filelist_wild(const char* desc, struct config_strlist* list,
        }
 }
 
+#ifdef CLIENT_SUBNET
+/** check ECS configuration */
+static void
+ecs_conf_checks(struct config_file* cfg)
+{
+       struct ecs_whitelist* whitelist = NULL;
+       if(!(whitelist = ecs_whitelist_create()))
+               fatal_exit("Could not create ednssubnet whitelist: out of memory");
+        if(!ecs_whitelist_apply_cfg(whitelist, cfg))
+               fatal_exit("Could not setup ednssubnet whitelist");
+       ecs_whitelist_delete(whitelist);
+}
+#endif /* CLIENT_SUBNET */
+
 /** check configuration for errors */
 static void
 morechecks(struct config_file* cfg, const char* fname)
@@ -527,6 +544,9 @@ morechecks(struct config_file* cfg, const char* fname)
 
        localzonechecks(cfg);
        view_and_respipchecks(cfg);
+#ifdef CLIENT_SUBNET
+       ecs_conf_checks(cfg);
+#endif
 }
 
 /** check forwards */