- Fix #1213: Misleading error message on default access control causing

refuse.
NLnetLabs · Jan 13, 2025 · 62a0e03 · 62a0e03
1 parent 716f3df
commit 62a0e03
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/daemon/acl_list.c b/daemon/acl_list.c
@@ -221,7 +221,9 @@ acl_interface_insert(struct acl_list* acl_interface,
 	struct sockaddr_storage* addr, socklen_t addrlen,
 	enum acl_access control)
 {
-	return acl_find_or_create(acl_interface, addr, addrlen, control);
+	struct acl_addr* node = acl_find_or_create(acl_interface, addr, addrlen, control);
+	node->is_inteface = 1;
+	return node;
 }
 
 /** apply acl_tag string */
@@ -805,7 +807,9 @@ log_acl_action(const char* action, struct sockaddr_storage* addr,
 		addr_to_str(&acladdr->node.addr, acladdr->node.addrlen,
 			n, sizeof(n));
 		verbose(VERB_ALGO, "%s query from %s port %d because of "
-			"%s/%d %s", action, a, (int)port, n, acladdr->node.net,
+			"%s/%d %s%s", action, a, (int)port, n,
+			acladdr->node.net,
+			acladdr->is_inteface?"(ACL on interface IP) ":"",
 			acl_access_to_str(acl));
 	} else {
 		verbose(VERB_ALGO, "%s query from %s port %d", action, a,

diff --git a/daemon/acl_list.h b/daemon/acl_list.h
@@ -107,6 +107,8 @@ struct acl_addr {
 	struct config_strlist** tag_datas;
 	/** size of the tag_datas array */
 	size_t tag_datas_size;
+	/* If the acl node is for an interface */
+	int is_inteface;
 	/* view element, NULL if none */
 	struct view* view;
 };

diff --git a/doc/Changelog b/doc/Changelog
@@ -1,3 +1,7 @@
+13 January 2025: Yorgos
+	- Fix #1213: Misleading error message on default access control causing
+	  refuse.
+
 10 January 2025: Yorgos
 	- Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS
 	  handshake.