diff --git a/src/knot/conf/conf.c b/src/knot/conf/conf.c
index 8bf478892..c27aac220 100644
--- a/src/knot/conf/conf.c
+++ b/src/knot/conf/conf.c
@@ -474,7 +474,7 @@ struct sockaddr_storage conf_addr(
 struct sockaddr_storage conf_net(
 conf_val_t *val,
- unsigned *prefix_length)
+ int *prefix_length)
 {
 assert(val != NULL && val->item != NULL && prefix_length != NULL);
 assert(val->item->type == YP_TNET ||
@@ -484,18 +484,8 @@ struct sockaddr_storage conf_net(
 struct sockaddr_storage out = { AF_UNSPEC };
 if (val->code == KNOT_EOK) {
- int prefix;
 conf_db_val(val);
- out = yp_addr(val->data, val->len, &prefix);
- if (prefix != -1) {
- *prefix_length = prefix;
- } else {
- if (out.ss_family == AF_INET) {
- *prefix_length = IPV4_PREFIXLEN;
- } else if (out.ss_family == AF_INET6) {
- *prefix_length = IPV6_PREFIXLEN;
- }
- }
+ out = yp_addr(val->data, val->len, prefix_length);
 } else {
 *prefix_length = 0;
 }
diff --git a/src/knot/conf/conf.h b/src/knot/conf/conf.h
index 4f22f6b47..ab7fc3158 100644
--- a/src/knot/conf/conf.h
+++ b/src/knot/conf/conf.h
@@ -228,7 +228,7 @@ struct sockaddr_storage conf_addr(
 struct sockaddr_storage conf_net(
 conf_val_t *val,
- unsigned *prefix_length
+ int *prefix_length
 );
 char* conf_abs_path(
diff --git a/src/knot/modules/synth_record.c b/src/knot/modules/synth_record.c
index 7b3e2cd65..09f3b2c74 100644
--- a/src/knot/modules/synth_record.c
+++ b/src/knot/modules/synth_record.c
@@ -86,7 +86,7 @@ typedef struct synth_template {
 char *zone;
 uint32_t ttl;
 struct sockaddr_storage addr;
- unsigned mask;
+ int mask;
 } synth_template_t;
 /*! \brief Substitute all occurences of given character. */
diff --git a/src/knot/updates/acl.c b/src/knot/updates/acl.c
index e825daf71..09349b5ef 100644
--- a/src/knot/updates/acl.c
+++ b/src/knot/updates/acl.c
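Review bot: In src/knot/conf/conf.c, `conf_net()` now stores whatever `yp_addr()` reports directly into `*prefix_length`, so an address configured without an explicit prefix apparently reaches callers as a negative number (the removed code tested for `-1`) instead of the family maximum. Only `netblock_match()` is shown normalizing a negative prefix in this commit; the code that reads `synth_template_t.mask` in src/knot/modules/synth_record.c is outside the visible hunks and should be confirmed not to use it as a bit count or compare it against an unsigned value. The declaration hunk in src/knot/conf/conf.h changes the type without touching its doc comment, which lies outside the hunk; it should state the new contract, e.g. `\param prefix_length Prefix length; negative if none was given (callers map it to the address family maximum).` The body of `conf_net()` starts in the previous hunk and continues past this one.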
@@ -40,7 +40,7 @@ static const uint8_t* ipv6_addr(const struct sockaddr_storage *ss) {
 bool netblock_match(const struct sockaddr_storage *ss1,
 const struct sockaddr_storage *ss2,
- unsigned prefix)
+ int prefix)
 {
 if (ss1 == NULL || ss2 == NULL) {
 return false;
@@ -55,12 +55,20 @@ bool netblock_match(const struct sockaddr_storage *ss1,
 case AF_INET:
 addr1 = ipv4_addr(ss1);
 addr2 = ipv4_addr(ss2);
- prefix = prefix > IPV4_PREFIXLEN ? IPV4_PREFIXLEN : prefix;
+ if (prefix < 0) {
+ prefix = IPV4_PREFIXLEN;
+ } else if (prefix > IPV4_PREFIXLEN) {
+ prefix = IPV4_PREFIXLEN;
+ }
 break;
 case AF_INET6:
 addr1 = ipv6_addr(ss1);
 addr2 = ipv6_addr(ss2);
- prefix = prefix > IPV6_PREFIXLEN ? IPV6_PREFIXLEN : prefix;
+ if (prefix < 0) {
+ prefix = IPV6_PREFIXLEN;
+ } else if (prefix > IPV6_PREFIXLEN) {
+ prefix = IPV6_PREFIXLEN;
+ }
 break;
 default:
 return false;
@@ -101,7 +109,7 @@ bool acl_allowed(conf_val_t *acl, acl_action_t action,
 /* Check if the address matches the current acl address list. */
 val = conf_id_get(conf(), C_ACL, C_ADDR, acl);
 while (val.code == KNOT_EOK) {
- unsigned prefix;
+ int prefix;
 struct sockaddr_storage ss;
 ss = conf_net(&val, &prefix);
 if (!netblock_match(addr, &ss, prefix)) {
diff --git a/src/knot/updates/acl.h b/src/knot/updates/acl.h
index 2f2e74c97..46754ca42 100644
--- a/src/knot/updates/acl.h
+++ b/src/knot/updates/acl.h
@@ -44,11 +44,11 @@ typedef enum {
 *
 * \param ss1 First address storage.
 * \param ss2 Second address storage.
- * \param prefix Netblock length.
+ * \param prefix Netblock length (negative value for maximum prefix length).
 */
 bool netblock_match(const struct sockaddr_storage *ss1,
 const struct sockaddr_storage *ss2,
- unsigned prefix);
+ int prefix);
 /*!
 * \brief Checks if the address and/or tsig key matches given ACL list.
diff --git a/tests/acl.c b/tests/acl.c
index ac2f1ed8f..31eca5eb8 100644
--- a/tests/acl.c
+++ b/tests/acl.c
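Review bot: In the `AF_INET` and `AF_INET6` cases of `netblock_match()`, both arms of the new `if`/`else if` assign the same constant, so each pair can be a single test: `if (prefix < 0 || prefix > IPV4_PREFIXLEN) { prefix = IPV4_PREFIXLEN; }`, and likewise with `IPV6_PREFIXLEN`. Because this value feeds ACL matching, a short comment saying that out-of-range values deliberately fall back to the most specific (full-length) match, never to a wider one, would keep a later edit from clamping a negative value to 0 and matching every address. The function begins in the previous hunk and the comparison that consumes `prefix` is outside this one.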
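Review bot: In `acl_allowed()`, `int prefix;` is declared without an initial value, so its value at the `netblock_match()` call depends on `conf_net()` always writing it. The visible `conf_net()` writes it on its error branch and otherwise leaves that to `yp_addr()`, whose behaviour on a malformed value is not shown in this commit. Declaring it as `int prefix = -1;` would keep the value determinate and on the strictest match regardless. The loop body continues outside the hunk.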
@@ -53,6 +53,8 @@ static void test_netblock_match(void)
 ret = netblock_match(&ref4, NULL, 32);
 ok(ret == false, "match: NULL second parameter");
+ ret = netblock_match(&ref4, &ref4, -1);
+ ok(ret == true, "match: ipv4 - identity, auto full prefix");
 ret = netblock_match(&ref4, &ref4, 31);
 ok(ret == true, "match: ipv4 - identity, subnet");
 ret = netblock_match(&ref4, &ref4, 32);
@@ -60,6 +62,8 @@ static void test_netblock_match(void)
 ret = netblock_match(&ref4, &ref4, 33);
 ok(ret == true, "match: ipv4 - identity, prefix overflow");
+ ret = netblock_match(&ref6, &ref6, -1);
+ ok(ret == true, "match: ipv6 - identity, auto full prefix");
 ret = netblock_match(&ref6, &ref6, 127);
 ok(ret == true, "match: ipv6 - identity, subnet");
 ret = netblock_match(&ref6, &ref6, 128);
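Review bot: The two added identity checks (`netblock_match(&ref4, &ref4, -1)` here and the `ref6` one in the next hunk) pass for any prefix length, including 0, so they do not show that a negative prefix means the full length. A negative case per family would pin that down: compare `ref4` against a second address that differs only in its last bit and expect `false`, e.g. `ok(ret == false, "match: ipv4 - last bit differs, auto full prefix");`. Without it, a regression that treats `-1` as a zero-length prefix, which would let an ACL entry match every address, still passes this test. `test_netblock_match()` starts and ends outside both hunks.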