diff options
| author | Vladimír Čunát <vladimir.cunat@nic.cz> | 2023-02-21 15:35:14 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vladimir.cunat@nic.cz> | 2023-03-10 10:54:40 +0100 |
| commit | 01810935857d7c039d527e0f1ca31200c8643cdb (patch) | |
| tree | 8555f310908960341ed43e939fb443bef7fa32aa | |
| parent | daemon/tls_ephemeral_credentials nit: improve cert serial (diff) | |
| download | knot-resolver-01810935857d7c039d527e0f1ca31200c8643cdb.tar.xz knot-resolver-01810935857d7c039d527e0f1ca31200c8643cdb.zip | |
view: fix destination-based matching
Apparently it's never worked since its introduction.
.addr is non-nil exactly when .dst_addr is non-nil
(which hapens iff the query originated externally).
Now we have semantics which was probably intended by the original code
(982162956a from 2016) but that semantics is still problematic
if you need both kinds of matching in a single request from client.
This matching by destination has never made it to docs,
so let's just add this simple fixup for now, and later
we'll steer users to new policy configuration anyway.
| -rw-r--r-- | modules/view/view.lua | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/view/view.lua b/modules/view/view.lua index f5e18626..d704384d 100644 --- a/modules/view/view.lua +++ b/modules/view/view.lua @@ -69,8 +69,9 @@ local function evaluate(state, req) if execute(state, req, match_cb) then return end end end + end -- Finally try :addr by the destination. - elseif req.qsource.dst_addr ~= nil then + if req.qsource.dst_addr ~= nil then for i = 1, #view.dst do local pair = view.dst[i] if match_subnet(pair[1], pair[2], pair[3], req.qsource.dst_addr) then |