On Thu, Aug 03, 2023 at 09:35:16PM +0200, Thomas Haller wrote:
> getaddrinfo() blocks while trying to resolve the name. Blocking the
> caller of the library is in many cases undesirable. Also, while
> reconfiguring the firewall, it's not clear that resolving names via
> the network will work or makes sense.
>
> Add a new input flag NFT_CTX_INPUT_NO_DNS to opt-out from getaddrinfo()
> and only accept plain IP addresses.
>
> We could also use AI_NUMERICHOST with getaddrinfo() instead of
> inet_pton(). By parsing via inet_pton(), we are better aware of
> what we expect and can generate a better error message in case of
> failure.
>
> Signed-off-by: Thomas Haller <thaller@xxxxxxxxxx>

Reviewed-by: Phil Sutter <phil@xxxxxx>
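
The trade-off in the commit message, numeric parsing via inet_pton() versus getaddrinfo() with AI_NUMERICHOST, shown as an added example that is not part of the thread and not nftables code. The names `parse_numeric`, `parse_with_gai` and the `parse_result` enum are hypothetical; the addresses are constructed sample input.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical result codes for this example (not nftables identifiers). */
enum parse_result { PARSE_OK, PARSE_NOT_IPV4, PARSE_NOT_IPV6, PARSE_BAD_FAMILY };

/* Parse a numeric address with inet_pton(): never blocks, never touches DNS.
 * The caller knows which family it asked for, so the error can say so. */
static enum parse_result parse_numeric(int family, const char *s,
                                       void *out, char *err, size_t errlen)
{
    if (family != AF_INET && family != AF_INET6) {
        snprintf(err, errlen, "unsupported address family %d", family);
        return PARSE_BAD_FAMILY;
    }
    if (inet_pton(family, s, out) == 1)
        return PARSE_OK;
    snprintf(err, errlen, "\"%s\" is not a valid %s address (name resolution disabled)",
             s, family == AF_INET ? "IPv4" : "IPv6");
    return family == AF_INET ? PARSE_NOT_IPV4 : PARSE_NOT_IPV6;
}

/* The alternative mentioned in the commit message: getaddrinfo() with
 * AI_NUMERICHOST. It also avoids DNS, but failure is a generic EAI_* code. */
static int parse_with_gai(int family, const char *s)
{
    struct addrinfo hints, *res = NULL;
    int rc;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_flags = AI_NUMERICHOST;
    rc = getaddrinfo(s, NULL, &hints, &res);
    if (rc == 0)
        freeaddrinfo(res);
    return rc;
}

int main(void)
{
    unsigned char buf[sizeof(struct in6_addr)];
    char err[128] = "";
    if (parse_numeric(AF_INET, "example.com", buf, err, sizeof(err)) != PARSE_OK)
        printf("inet_pton path:   %s\n", err);
    printf("getaddrinfo path: %s\n", gai_strerror(parse_with_gai(AF_INET, "example.com")));
    return 0;
}
```

Both paths reject a hostname without a network lookup; the difference is that the inet_pton() path can name the expected address family in its own error text.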