From: Mark Andrews <marka@isc.org>
Date: Sat, 13 Oct 2001 04:00:12 +0000 (+0000)
Subject: pullup:
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba44610aa2094ad4b77271ebef5dc1c6e7b2e841;p=thirdparty%2Fbind9.git

pullup:
1051.   [bug]           Do not ignore a network interface completely just
                        because it has a noncontiguous netmask.  Instead,
                        omit it from the localnets ACL and issue a warning.
                        [RT #1891]
---

diff --git a/CHANGES b/CHANGES
index 4254fe76d6b..717dc34188c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+1051.	[bug]		Do not ignore a network interface completely just
+			because it has a noncontiguous netmask.  Instead,
+			omit it from the localnets ACL and issue a warning.
+			[RT #1891]
+
 1047.	[bug]		When a request was refused due to being signed with
 			a TSIG key derived from an unsigned TKEY negotiation,
 			the response could have an rcode of SUCCESS rather
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index 9f4a5670907..01c85da92b4 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.54.2.2 2001/10/11 01:23:40 marka Exp $ */
+/* $Id: interfacemgr.c,v 1.54.2.3 2001/10/13 04:00:12 marka Exp $ */
 
 #include <config.h>
 
@@ -499,23 +499,32 @@ do_ipv4(ns_interfacemgr_t *mgr) {
 		if ((interface.flags & INTERFACE_F_UP) == 0)
 			continue;
 
-		result = isc_netaddr_masktoprefixlen(&interface.netmask,
-						     &prefixlen);
-		if (result != ISC_R_SUCCESS)
-			goto ignore_interface;
 		elt.type = dns_aclelementtype_ipprefix;
 		elt.negative = ISC_FALSE;
 		elt.u.ip_prefix.address = interface.address;
-		elt.u.ip_prefix.prefixlen = prefixlen;
-		/* XXX suppress duplicates */
-		result = dns_acl_appendelement(mgr->aclenv.localnets, &elt);
-		if (result != ISC_R_SUCCESS)
-			goto ignore_interface;
 		elt.u.ip_prefix.prefixlen = 32;
 		result = dns_acl_appendelement(mgr->aclenv.localhost, &elt);
 		if (result != ISC_R_SUCCESS)
 			goto ignore_interface;
 
+		result = isc_netaddr_masktoprefixlen(&interface.netmask,
+						     &prefixlen);
+		if (result != ISC_R_SUCCESS) {
+			isc_log_write(IFMGR_COMMON_LOGARGS,
+				      ISC_LOG_WARNING,
+				      "omitting IPv4 interface %s from "
+				      "localnets ACL: %s",
+				      interface.name,
+				      isc_result_totext(result));
+		} else {
+			elt.u.ip_prefix.prefixlen = prefixlen;
+			/* XXX suppress duplicates */
+			result = dns_acl_appendelement(mgr->aclenv.localnets,
+						       &elt);
+			if (result != ISC_R_SUCCESS)
+				goto ignore_interface;
+		}
+
 		for (le = ISC_LIST_HEAD(mgr->listenon4->elts);
 		     le != NULL;
 		     le = ISC_LIST_NEXT(le, link))