mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Merge branch '3210-dns64-errors-v9_18' into 'v9_18'
More explicit dns64 prefix errors [v9.18] See merge request isc-projects/bind9!6030
This commit is contained in:
Ondřej Surý
commit
78d6a20c88
2 changed files with 19 additions and 9 deletions
4
CHANGES
4
CHANGES
|
|
@ -1,3 +1,7 @@
|
|||
5836. [bug] Quote the dns64 prefix in error messages that complain
|
||||
about problems with it, to avoid confusion with the
|
||||
following dns64 ACLs. [GL #3210]
|
||||
|
||||
5834. [cleanup] C99 variable-length arrays are difficult to use safely,
|
||||
so avoid them except in test code. [GL #3201]
|
||||
|
||||
|
|
|
|||
|
|
@ -546,7 +546,14 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
|
|||
return (result);
|
||||
}
|
||||
|
||||
static const unsigned char zeros[16];
|
||||
static void
|
||||
dns64_error(const cfg_obj_t *obj, isc_log_t *logctx, isc_netaddr_t *netaddr,
|
||||
unsigned int prefixlen, const char *message) {
|
||||
char buf[ISC_NETADDR_FORMATSIZE + 1];
|
||||
isc_netaddr_format(netaddr, buf, sizeof(buf));
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "dns64 prefix %s/%u %s", buf,
|
||||
prefixlen, message);
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
|
||||
|
|
@ -585,16 +592,15 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
|
|||
|
||||
cfg_obj_asnetprefix(obj, &na, &prefixlen);
|
||||
if (na.family != AF_INET6) {
|
||||
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
|
||||
"dns64 requires a IPv6 prefix");
|
||||
dns64_error(map, logctx, &na, prefixlen,
|
||||
"must be IPv6");
|
||||
result = ISC_R_FAILURE;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (na.type.in6.s6_addr[8] != 0) {
|
||||
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
|
||||
"invalid prefix, bits [64..71] must be "
|
||||
"zero");
|
||||
dns64_error(map, logctx, &na, prefixlen,
|
||||
"bits [64..71] must be zero");
|
||||
result = ISC_R_FAILURE;
|
||||
continue;
|
||||
}
|
||||
|
|
@ -602,9 +608,8 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
|
|||
if (prefixlen != 32 && prefixlen != 40 && prefixlen != 48 &&
|
||||
prefixlen != 56 && prefixlen != 64 && prefixlen != 96)
|
||||
{
|
||||
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
|
||||
"bad prefix length %u [32/40/48/56/64/96]",
|
||||
prefixlen);
|
||||
dns64_error(map, logctx, &na, prefixlen,
|
||||
"length is not 32/40/48/56/64/96");
|
||||
result = ISC_R_FAILURE;
|
||||
continue;
|
||||
}
|
||||
|
|
@ -631,6 +636,7 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
|
|||
obj = NULL;
|
||||
(void)cfg_map_get(map, "suffix", &obj);
|
||||
if (obj != NULL) {
|
||||
static const unsigned char zeros[16];
|
||||
isc_netaddr_fromsockaddr(&sa, cfg_obj_assockaddr(obj));
|
||||
if (sa.family != AF_INET6) {
|
||||
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
|
||||
|
|
|
|||
Loading…
Reference in a new issue