BIND 10 #998: IP based ACL check

BIND 10 Development do-not-reply at isc.org
Tue Jun 21 07:50:32 UTC 2011 

#998: IP based ACL check
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:  jinmei
  vorner                             |                Status:  reviewing
                       Type:  task   |             Milestone:
                   Priority:  major  |  Sprint-20110628
                  Component:         |            Resolution:
  Unclassified                       |             Sensitive:  0
                   Keywords:         |           Sub-Project:  DNS
            Defect Severity:  N/A    |  Estimated Difficulty:  5.0
Feature Depending on Ticket:         |           Total Hours:  0
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------

Comment (by jinmei):

 A comprehensive review is ongoing, but here are some intermediate results
 (dumping it to possibly maximize work concurrency):

 '''general'''

 - Maybe a matter of preference, but I'd use the term "prefix" instead of
   (address+)netmask unless we want to support non contiguous network
   masks.  IMO it's more intuitive.  I'd also note that there's even no
   term of "netmask" in IPv6 terminologies (there are only "prefixes").
   (note: of course, we'll have to internally convert a prefix length to
   something like net masks for match operations.  this comment is about
   public interface and public documentation wording)
 - maybe we want to have a keyword "any" (or perhaps "any4"/"any6")
 - on a related note, I guess we'd probably want to use 0-length prefix to
   indicate an "any" match.

 == createNetmask ==
 - should this be public?  the intended use of it seems to be very
   limited (and we are not supposed to provide a generic bitmask
   manipulation library, are we?).  hmmm, is this perhaps for testing?
   If so, I see the point, but in that case I'd clarify the intent and
   that it's not expected to be used outside of this file (e.g.,
   compatibility won't be ensured).  I'd also introduce a specific
   namespace like "detail" to further clarify the intent.
 - I suspect this should be "w-m < w" (at least the current expression
   doesn't make sense to me):
 {{{
         // Final note: at this point in the logic, m is non-zero, so w-m <
 m.
 }}}
 - For exception, I'd use \exception markup (that would also be helpful
   for my work-in-progress automatic C++ to pydoc converter script).
   (although this point may become moot if it's changed to non public).
   Same general comment applies to anywhere else in this branch, so I
   won't repeat.

-- 
Ticket URL: <http://bind10.isc.org/ticket/998#comment:17>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list