From 62a0e038016122acab06e4795ec35172479247eb Mon Sep 17 00:00:00 2001 From: Yorgos Thessalonikefs Date: Mon, 13 Jan 2025 11:33:24 +0100 Subject: [PATCH] - Fix #1213: Misleading error message on default access control causing refuse. --- daemon/acl_list.c | 8 ++++++-- daemon/acl_list.h | 2 ++ doc/Changelog | 4 ++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/daemon/acl_list.c b/daemon/acl_list.c index 605851e4f..bce55ebcd 100644 --- a/daemon/acl_list.c +++ b/daemon/acl_list.c @@ -221,7 +221,9 @@ acl_interface_insert(struct acl_list* acl_interface, struct sockaddr_storage* addr, socklen_t addrlen, enum acl_access control) { - return acl_find_or_create(acl_interface, addr, addrlen, control); + struct acl_addr* node = acl_find_or_create(acl_interface, addr, addrlen, control); + node->is_inteface = 1; + return node; } /** apply acl_tag string */ @@ -805,7 +807,9 @@ log_acl_action(const char* action, struct sockaddr_storage* addr, addr_to_str(&acladdr->node.addr, acladdr->node.addrlen, n, sizeof(n)); verbose(VERB_ALGO, "%s query from %s port %d because of " - "%s/%d %s", action, a, (int)port, n, acladdr->node.net, + "%s/%d %s%s", action, a, (int)port, n, + acladdr->node.net, + acladdr->is_inteface?"(ACL on interface IP) ":"", acl_access_to_str(acl)); } else { verbose(VERB_ALGO, "%s query from %s port %d", action, a, diff --git a/daemon/acl_list.h b/daemon/acl_list.h index ee679eb6e..5c34280b6 100644 --- a/daemon/acl_list.h +++ b/daemon/acl_list.h @@ -107,6 +107,8 @@ struct acl_addr { struct config_strlist** tag_datas; /** size of the tag_datas array */ size_t tag_datas_size; + /* If the acl node is for an interface */ + int is_inteface; /* view element, NULL if none */ struct view* view; }; diff --git a/doc/Changelog b/doc/Changelog index 7842da956..f55fb05ed 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +13 January 2025: Yorgos + - Fix #1213: Misleading error message on default access control causing + refuse. + 10 January 2025: Yorgos - Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS handshake.