[Git][NTPsec/ntpsec][master] Fix for issue #334 - restrictions using ephemeral copy of address.
Hal Murray
gitlab at mg.gitlab.com
Sat Jun 3 10:13:56 UTC 2017
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
94fbd819 by Hal Murray at 2017-06-03T03:10:41-07:00
Fix for issue #334 - restrictions using ephemeral copy of address.
- - - - -
1 changed file:
- ntpd/ntp_proto.c
Changes:
=====================================
ntpd/ntp_proto.c
=====================================
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -2455,15 +2455,16 @@ dns_take_server(
msyslog(LOG_INFO, "Server taking: %s", socktoa(rmtadr));
server->flags &= (unsigned)~FLAG_DNS;
- restrict_mask = restrictions(rmtadr);
+ server->srcadr = *rmtadr;
+
+ restrict_mask = restrictions(&server->srcadr);
if (RES_FLAGS & restrict_mask) {
msyslog(LOG_INFO, "Server poking hole in restrictions for: %s",
- socktoa(rmtadr));
- restrict_source(rmtadr, false, 0);
+ socktoa(&server->srcadr));
+ restrict_source(&server->srcadr, false, 0);
}
- server->srcadr = *rmtadr;
- server->dstadr = findinterface(rmtadr);
+ server->dstadr = findinterface(&server->srcadr);
if (NULL == server->dstadr)
msyslog(LOG_ERR, "dns_take_server: can't find interface for %s", server->hostname);
server->hpoll = server->minpoll;
@@ -2495,15 +2496,6 @@ dns_take_pool(
msyslog(LOG_INFO, "Pool taking: %s", socktoa(rmtadr));
- restrict_mask = restrictions(rmtadr);
- /* FIXME-DNS: RES_FLAGS includes RES_DONTSERVE?? */
- if (RES_FLAGS & restrict_mask) {
- msyslog(LOG_INFO, "Pool poking hole in restrictions for: %s",
- socktoa(rmtadr));
- restrict_source(rmtadr, false,
- current_time + POOL_SOLICIT_WINDOW + 1);
- }
-
lcladr = findinterface(rmtadr);
peer = newpeer(rmtadr, NULL, lcladr,
MODE_CLIENT, pool->version,
@@ -2513,6 +2505,15 @@ dns_take_pool(
peer_xmit(peer);
poll_update(peer, peer->hpoll);
+ restrict_mask = restrictions(&peer->srcadr);
+ /* FIXME-DNS: RES_FLAGS includes RES_DONTSERVE?? */
+ if (RES_FLAGS & restrict_mask) {
+ msyslog(LOG_INFO, "Pool poking hole in restrictions for: %s",
+ socktoa(&peer->srcadr));
+ restrict_source(&peer->srcadr, false,
+ current_time + POOL_SOLICIT_WINDOW + 1);
+ }
+
DPRINTF(1, ("transmit: at %lu %s->%s pool\n",
current_time, latoa(lcladr), socktoa(rmtadr)));
}
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/94fbd819be3268f5ecb49dec290e2d0e86c8ccd4
---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/94fbd819be3268f5ecb49dec290e2d0e86c8ccd4
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170603/e8583d1f/attachment.html>
More information about the vc
mailing list