From 098af83c8596e0fef144c8f6cd5a0d4c679aa16a Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Thu, 6 Feb 2020 19:08:22 +0100
Subject: [PATCH] unbound: extend ACL to delegatable prefix #3797
Maybe this is wishful thinking: if the prefix changes the whole idea falls apart anyway.
---
 src/etc/inc/plugins.inc.d/unbound.inc | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc
index d40f38c01..d0da1249d 100644
--- a/src/etc/inc/plugins.inc.d/unbound.inc
+++ b/src/etc/inc/plugins.inc.d/unbound.inc
@@ -2,7 +2,7 @@
 /*
  * Copyright (C) 2018 Fabian Franz
- * Copyright (C) 2015-2019 Franco Fichtner
+ * Copyright (C) 2015-2020 Franco Fichtner
  * Copyright (C) 2015 Manuel Faux
  * Copyright (C) 2014 Warren Baker
  * Copyright (C) 2004-2007 Scott Ullrich
@@ -730,19 +730,28 @@ function unbound_acls_subnets()
 }
 }
+ /* expand subnet for DHCPv6 trackers */
+ foreach (array_keys($active_interfaces) as $if) {
+ if (isset($config['interfaces'][$if]['track6-interface'])) {
+ $realif = get_real_interface($if, 'inet6');
+ $active_interfaces[$realif] = [];
+ $active_interfaces[$realif]['net6'] = 64 - calculate_ipv6_delegation_length($config['interfaces'][$if]['track6-interface']);
+ }
+ }
+
 /* add our networks for active interfaces including localhost */
 $subnets = array('127.0.0.1/8', '::1/64');
 foreach (interfaces_addresses(array_keys($active_interfaces), true) as $subnet => $info) {
 if (!empty($active_interfaces[$info['name']]['net4']) && is_subnetv4($subnet)) {
 $subnet = explode('/', $subnet)[0] . '/' . $active_interfaces[$info['name']]['net4'];
- } elseif (!empty($active_interfaces[$info['name']]['net6']) && is_subnetv6($subnet)) {
+ } elseif (!empty($active_interfaces[$info['name']]['net6']) && is_subnetv6($subnet) && !$info['scope']) {
 $subnet = explode('/', $subnet)[0] . '/' . $active_interfaces[$info['name']]['net6'];
 }
 $subnets[] = $subnet;
 }
- return $subnets;
+ return array_unique($subnets);
 }
 function unbound_acls_config()
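Review bot: The mask computed in the new tracker loop, `64 - calculate_ipv6_delegation_length(...)`, goes into the resolver ACL without a range check. That helper is not visible in this hunk, so whether it can return more than 64 is unknown; if it can, the later `!empty(...['net6'])` test only filters a result of exactly 0 and a negative mask would be appended to the address. Computing it into a local first and storing it only when valid, e.g. `if ($net6 > 0 && $net6 <= 64) { $active_interfaces[$realif]['net6'] = $net6; }`, would fall back to the interface's own prefix. Because the shorter mask also admits clients on every other segment carved from the same delegation, possibly including interfaces not selected for Unbound, I would add a comment such as `/* intentionally allows the whole delegated prefix, not only this interface's /64 */`. The body of unbound_acls_subnets() starts above the hunk, so how `$active_interfaces` is first populated is not visible here.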