Maintained by: NLnet Labs

[patch] insecure-lan-zones

W.C.A. Wijngaards
Tue Feb 9 14:33:45 CET 2016


Hi Dag-Erling,

On 07/02/16 00:29, Dag-Erling Smørgrav via Unbound-users wrote:
> Dag-Erling Smørgrav <des at des.no> writes:
>> When using unblock-lan-zones, you will more likely than not also
>> need to disable validation for these zones.  The attached patch
>> adds a new configuration option, insecure-lan-zones, which adds
>> all AS112 zones to the list of insecure domains.  Note that it
>> moves the list of AS112 zones, which is currently hardcoded in
>> services/localzone.c, into an array in util/as112.c.

Thank you for the patch, I have applied it to the source code!  I like
the as112 array separation; makes it easier to maintain.

> 
> I just found an error in the patch: to avoid "cast discards
> qualifier" warnings, as112_zones should be declared as "const
> char**" and not "const char* const*" (the definition of "equivalent
> types" in C makes it hard to use the correct type for const arrays
> of pointers to const objects, so the simplest solution is to not
> declare them as const).  Your compiler may or may not care.

I'll go for portable, thank you for the hint.

> 
> BTW, you consistently use "type* ptr", but * is right-associative,
> so the correct notation would be "type *ptr".  It makes no
> difference to the compiler, but to the human reader, it indicates
> that the * applies to the identifier and not to the type.  For
> instance, "type* p1, p2" incorrectly suggests that both p1 and p2
> are pointers, when in fact only p1 is a pointer; "type *p1, p2"
> makes the difference clearer.

Yes, you are correct, I simply used this notation while writing it.
The code sometimes also uses your notation in places, depending on the
author.

Automake, tried it, but getting all the conditional options configured
into automake is hard, and the initial automake-file that I ended up
with lost too much (most of the-) functionality of the original
Makefile.  I thereafter rewrote the Makefile system to no longer
depend on gnu-make, but be portably compatible with bsd-make (and
sun-make).  This resolved the practical necessity.  But now we still
do not use automake.

Best regards, Wouter