]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 716f3df)
- Fix #1213: Misleading error message on default access control causing
authorYorgos Thessalonikefs <yorgos@nlnetlabs.nl>
Mon, 13 Jan 2025 10:33:24 +0000 (11:33 +0100)
committerYorgos Thessalonikefs <yorgos@nlnetlabs.nl>
Mon, 13 Jan 2025 10:33:24 +0000 (11:33 +0100)
  refuse.

daemon/acl_list.c patch | blob | blame | history
daemon/acl_list.h patch | blob | blame | history
doc/Changelog patch | blob | blame | history

diff --git a/daemon/acl_list.c b/daemon/acl_list.c
index 605851e4f595290439701c0dc567ca0e9744b5cb..bce55ebcd091af86a1d847ebf4510b487689a57d 100644 (file)
--- a/daemon/acl_list.c
+++ b/daemon/acl_list.c
@@ -221,7 +221,9 @@ acl_interface_insert(struct acl_list* acl_interface,
        struct sockaddr_storage* addr, socklen_t addrlen,
        enum acl_access control)
 {
-       return acl_find_or_create(acl_interface, addr, addrlen, control);
+       struct acl_addr* node = acl_find_or_create(acl_interface, addr, addrlen, control);
+       node->is_inteface = 1;
+       return node;
 }
 
 /** apply acl_tag string */
@@ -805,7 +807,9 @@ log_acl_action(const char* action, struct sockaddr_storage* addr,
                addr_to_str(&acladdr->node.addr, acladdr->node.addrlen,
                        n, sizeof(n));
                verbose(VERB_ALGO, "%s query from %s port %d because of "
-                       "%s/%d %s", action, a, (int)port, n, acladdr->node.net,
+                       "%s/%d %s%s", action, a, (int)port, n,
+                       acladdr->node.net,
+                       acladdr->is_inteface?"(ACL on interface IP) ":"",
                        acl_access_to_str(acl));
        } else {
                verbose(VERB_ALGO, "%s query from %s port %d", action, a,
diff --git a/daemon/acl_list.h b/daemon/acl_list.h
index ee679eb6e1ad44eb1b7ebb62e35c89318d5173e2..5c34280b6ab653847e12e45d5bf6ad78bc6926fd 100644 (file)
--- a/daemon/acl_list.h
+++ b/daemon/acl_list.h
@@ -107,6 +107,8 @@ struct acl_addr {
        struct config_strlist** tag_datas;
        /** size of the tag_datas array */
        size_t tag_datas_size;
+       /* If the acl node is for an interface */
+       int is_inteface;
        /* view element, NULL if none */
        struct view* view;
 };
diff --git a/doc/Changelog b/doc/Changelog
index 7842da95639dcc012e6601b33540099e43de5e06..f55fb05ed8e35762920655194e3d8a5e3aa9774b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+13 January 2025: Yorgos
+       - Fix #1213: Misleading error message on default access control causing
+         refuse.
+
 10 January 2025: Yorgos
        - Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS
          handshake.
Mirror of https://github.com/NLnetLabs/unbound.git