Maintained by: NLnet Labs

[patch] insecure-lan-zones

Dag-Erling Smørgrav
Sun Feb 7 00:29:34 CET 2016


Dag-Erling Smørgrav <des at des.no> writes:
> When using unblock-lan-zones, you will more likely than not also need to
> disable validation for these zones.  The attached patch adds a new
> configuration option, insecure-lan-zones, which adds all AS112 zones to
> the list of insecure domains.  Note that it moves the list of AS112
> zones, which is currently hardcoded in services/localzone.c, into an
> array in util/as112.c.

I just found an error in the patch: to avoid "cast discards qualifier"
warnings, as112_zones should be declared as "const char**" and not const
"char* const*" (the definition of "equivalent types" in C makes it hard
to use the correct type for const arrays of pointers to const objects,
so the simplest solution is to not declare them as const).  Your
compiler may or may not care.

BTW, you consistently use "type* ptr" , but * is right-associative, so
the correct notation would be "type *ptr".  It makes no difference to
the compiler, but to the human reader, it indicates that the * applies
to the identifier and not to the type.  For instance, "type* p1, p2"
incorrectly suggests that both p1 and p2 are pointers, when in fact only
p1 is a pointer; "type *p1, p2" makes the difference clearer.

DES
-- 
Dag-Erling Smørgrav - des at des.no