upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

remove all support for legacy GeoIP

Browse source
This commit is contained in:
Evan Hunt 2019-06-27 21:08:20 -07:00
parent c01679142a
commit 787f2a7e03
67 changed files with 85 additions and 3985 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
bin/named/Makefile.in
View file

@ -88,12 +88,11 @@ SUBDIRS = unix
TARGETS = named@EXEEXT@
GEOIPLINKOBJS = geoip.@O@
GEOIP2LINKOBJS = geoip.@O@
OBJS = builtin.@O@ config.@O@ control.@O@ \
controlconf.@O@ fuzz.@O@ \
@GEOIPLINKOBJS@ @GEOIP2LINKOBJS@ \
@GEOIP2LINKOBJS@ \
log.@O@ logconf.@O@ main.@O@ \
server.@O@ statschannel.@O@ \
tkeyconf.@O@ tsigconf.@O@ zoneconf.@O@ \
@ -103,12 +102,11 @@ UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
SYMOBJS = symtbl.@O@
GEOIPLINKSRCS = geoip.c
GEOIP2LINKSRCS = geoip.c
SRCS = builtin.c config.c control.c \
controlconf.c fuzz.c \
@GEOIPLINKSRCS@ @GEOIP2LINKSRCS@ \
@GEOIP2LINKSRCS@ \
log.c logconf.c main.c \
server.c statschannel.c \
tkeyconf.c tsigconf.c zoneconf.c \

109
bin/named/geoip.c
View file

@ -13,9 +13,6 @@
#if defined(HAVE_GEOIP2)
#include <maxminddb.h>
#elif defined(HAVE_GEOIP)
#include <GeoIP.h>
#include <GeoIPCity.h>
#endif
#include <isc/print.h>
@ -29,62 +26,7 @@
static dns_geoip_databases_t geoip_table = DNS_GEOIP_DATABASE_INIT;
#if defined(HAVE_GEOIP)
static void
init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
GeoIPOptions method, const char *name)
{
char *info;
GeoIP *db;
REQUIRE(dbp != NULL);
db = (GeoIP *)*dbp;
if (db != NULL) {
GeoIP_delete(db);
db = *dbp = NULL;
}
if (! GeoIP_db_avail(edition)) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
"GeoIP %s (type %d) DB not available", name, edition);
goto fail;
}
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
"initializing GeoIP %s (type %d) DB", name, edition);
db = GeoIP_open_type(edition, method);
if (db == NULL) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
"failed to initialize GeoIP %s (type %d) DB%s",
name, edition, fallback == 0
? "geoip matches using this database will fail" : "");
goto fail;
}
info = GeoIP_database_info(db);
if (info != NULL) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
"%s", info);
free(info);
}
*dbp = db;
return;
fail:
if (fallback != 0) {
init_geoip_db(dbp, fallback, 0, method, name);
}
}
#elif defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
static MMDB_s geoip_country, geoip_city, geoip_as, geoip_isp, geoip_domain;
static MMDB_s *
@ -122,13 +64,10 @@ open_geoip2(const char *dir, const char *dbfile, MMDB_s *mmdb) {
void
named_geoip_init(void) {
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
if (named_g_geoip == NULL) {
named_g_geoip = &geoip_table;
}
#if defined(HAVE_GEOIP)
GeoIP_cleanup();
#endif
#else
return;
#endif
@ -163,50 +102,6 @@ named_geoip_load(char *dir) {
named_g_geoip->isp = open_geoip2(dir, "GeoIP2-ISP.mmdb", &geoip_isp);
named_g_geoip->domain = open_geoip2(dir, "GeoIP2-Domain.mmdb",
&geoip_domain);
#elif defined(HAVE_GEOIP)
GeoIPOptions method;
#ifdef _WIN32
method = GEOIP_STANDARD;
#else
method = GEOIP_MMAP_CACHE;
#endif
named_geoip_init();
if (dir != NULL) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
"using \"%s\" as GeoIP directory", dir);
GeoIP_setup_custom_directory(dir);
}
init_geoip_db(&named_g_geoip->country_v4, GEOIP_COUNTRY_EDITION, 0,
method, "Country (IPv4)");
#ifdef HAVE_GEOIP_V6
init_geoip_db(&named_g_geoip->country_v6, GEOIP_COUNTRY_EDITION_V6, 0,
method, "Country (IPv6)");
#endif
init_geoip_db(&named_g_geoip->city_v4, GEOIP_CITY_EDITION_REV1,
GEOIP_CITY_EDITION_REV0, method, "City (IPv4)");
#if defined(HAVE_GEOIP_V6) && defined(HAVE_GEOIP_CITY_V6)
init_geoip_db(&named_g_geoip->city_v6, GEOIP_CITY_EDITION_REV1_V6,
GEOIP_CITY_EDITION_REV0_V6, method, "City (IPv6)");
#endif
init_geoip_db(&named_g_geoip->region, GEOIP_REGION_EDITION_REV1,
GEOIP_REGION_EDITION_REV0, method, "Region");
init_geoip_db(&named_g_geoip->isp, GEOIP_ISP_EDITION, 0,
method, "ISP");
init_geoip_db(&named_g_geoip->org, GEOIP_ORG_EDITION, 0,
method, "Org");
init_geoip_db(&named_g_geoip->as, GEOIP_ASNUM_EDITION, 0,
method, "AS");
init_geoip_db(&named_g_geoip->domain, GEOIP_DOMAIN_EDITION, 0,
method, "Domain");
init_geoip_db(&named_g_geoip->netspeed, GEOIP_NETSPEED_EDITION, 0,
method, "NetSpeed");
#else
UNUSED(dir);

2
bin/named/include/named/globals.h
View file

@ -154,7 +154,7 @@ EXTERN bool named_g_keepstderr INIT(false);
EXTERN unsigned int named_g_tat_interval INIT(24*3600);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
EXTERN dns_geoip_databases_t *named_g_geoip INIT(NULL);
#endif

18
bin/named/server.c
View file

@ -105,9 +105,9 @@
#include <named/config.h>
#include <named/control.h>
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
#include <named/geoip.h>
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
#include <named/log.h>
#include <named/logconf.h>
#include <named/main.h>
@ -8261,7 +8261,7 @@ load_configuration(const char *filename, named_server_t *server,
}
isc_socketmgr_setreserved(named_g_socketmgr, reserved);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
/*
* Initialize GeoIP databases from the configured location.
* This should happen before configuring any ACLs, so that we
@ -8278,7 +8278,7 @@ load_configuration(const char *filename, named_server_t *server,
named_geoip_load(NULL);
}
named_g_aclconfctx->geoip = named_g_geoip;
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
/*
* Configure various server options.
@ -9492,7 +9492,7 @@ run_server(isc_task_t *task, isc_event_t *event) {
dns_dispatchmgr_setstats(named_g_dispatchmgr, server->resolverstats);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
geoip = named_g_geoip;
#else
geoip = NULL;
@ -9626,9 +9626,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
#ifdef HAVE_DNSTAP
dns_dt_shutdown();
#endif
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
named_geoip_shutdown();
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
dns_db_detach(&server->in_roothints);
@ -9744,14 +9744,14 @@ named_server_create(isc_mem_t *mctx, named_server_t **serverp) {
&server->sctx),
"creating server context");
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
/*
* GeoIP must be initialized before the interface
* manager (which includes the ACL environment)
* is created
*/
named_geoip_init();
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
#ifdef ENABLE_AFL
server->sctx->fuzztype = named_g_fuzz_type;

2
bin/tests/system/conf.sh.common
View file

@ -63,7 +63,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
dns64 dscp dsdigest dyndb \
ednscompliance emptyzones \
fetchlimit filter-aaaa formerr forward \
geoip geoip2 glue idna inline integrity ixfr \
geoip2 glue idna inline integrity ixfr \
keepalive legacy limits \
masterfile masterformat metadata mirror mkeys \
names notify nslookup nsupdate nzd2nzf \

10
bin/tests/system/feature-test.c
View file

@ -40,7 +40,7 @@ usage() {
fprintf(stderr, " --gethostname\n");
fprintf(stderr, " --gssapi\n");
fprintf(stderr, " --have-dlopen\n");
fprintf(stderr, " --have-geoip\n");
fprintf(stderr, " --have-geoip2\n");
fprintf(stderr, " --have-libxml2\n");
fprintf(stderr, " --ipv6only=no\n");
fprintf(stderr, " --with-idn\n");
@ -117,14 +117,6 @@ main(int argc, char **argv) {
#endif
}
if (strcmp(argv[1], "--have-geoip") == 0) {
#ifdef HAVE_GEOIP
return (0);
#else
return (1);
#endif
}
if (strcmp(argv[1], "--have-geoip2") == 0) {
#ifdef HAVE_GEOIP2
return (0);

20
bin/tests/system/geoip/clean.sh
View file

@ -1,20 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f ns2/named.conf
rm -f ns2/example*.db
rm -f dig.out.* rndc.out.*
rm -f data2/*dat
[ -d data2 ] && rmdir data2
rm -f ns?/named.run
rm -f ns?/named.memstats
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind* ns*/*.mkeys*

8
bin/tests/system/geoip/data/GeoIP.csv
View file

@ -1,8 +0,0 @@
10.53.0.1/32 AU
10.53.0.2/32 US
10.53.0.3/32 GB
10.53.0.4/32 CA
10.53.0.5/32 CL
10.53.0.6/32 DE
10.53.0.7/32 EH
192.0.2/24 O1
1 10.53.0.1/32 AU
2 10.53.0.2/32 US
3 10.53.0.3/32 GB
4 10.53.0.4/32 CA
5 10.53.0.5/32 CL
6 10.53.0.6/32 DE
7 10.53.0.7/32 EH
8 192.0.2/24 O1

BIN
bin/tests/system/geoip/data/GeoIP.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPASNum.csv
View file

@ -1,7 +0,0 @@
10.53.0.1/32 AS100001 One Systems, Inc.
10.53.0.2/32 AS100002 Two Technology Ltd.
10.53.0.3/32 AS100003 Three Network Labs
10.53.0.4/32 AS100004 Four University
10.53.0.5/32 AS100005 Five Telecom
10.53.0.6/32 AS100006 Six Company
10.53.0.7/32 AS100007 Seven Communications
1 10.53.0.1/32 AS100001 One Systems, Inc.
2 10.53.0.2/32 AS100002 Two Technology Ltd.
3 10.53.0.3/32 AS100003 Three Network Labs
4 10.53.0.4/32 AS100004 Four University
5 10.53.0.5/32 AS100005 Five Telecom
6 10.53.0.6/32 AS100006 Six Company
7 10.53.0.7/32 AS100007 Seven Communications

BIN
bin/tests/system/geoip/data/GeoIPASNum.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPASNumv6.csv
View file

@ -1,7 +0,0 @@
fd92:7065:b8e:ffff::1/128,AS100001 One Systems, Inc.
fd92:7065:b8e:ffff::2/128,AS100002 Two Technology Ltd.
fd92:7065:b8e:ffff::3/128,AS100003 Three Network Labs
fd92:7065:b8e:ffff::4/128,AS100004 Four University
fd92:7065:b8e:ffff::5/128,AS100005 Five Telecom
fd92:7065:b8e:ffff::6/128,AS100006 Six Company
fd92:7065:b8e:ffff::7/128,AS100007 Seven Communications
1 fd92:7065:b8e:ffff::1/128,AS100001 One Systems, Inc.
2 fd92:7065:b8e:ffff::2/128,AS100002 Two Technology Ltd.
3 fd92:7065:b8e:ffff::3/128,AS100003 Three Network Labs
4 fd92:7065:b8e:ffff::4/128,AS100004 Four University
5 fd92:7065:b8e:ffff::5/128,AS100005 Five Telecom
6 fd92:7065:b8e:ffff::6/128,AS100006 Six Company
7 fd92:7065:b8e:ffff::7/128,AS100007 Seven Communications

BIN
bin/tests/system/geoip/data/GeoIPASNumv6.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPCity.csv
View file

@ -1,7 +0,0 @@
10.53.0.1/32,US,CA,"Redwood City",94063,37.4914,-122.2110,807,650
10.53.0.2/32,US,CA,"Santa Cruz",95060,37.0448,-122.1021,828,831
10.53.0.3/32,US,OK,"Oklahoma City",73120,35.5798,-97.5731,650,405
10.53.0.4/32,US,VA,Ashland,23005,37.7563,-77.4888,556,804
10.53.0.5/32,US,GA,Atlanta,30345,33.8477,-84.2814,524,404
10.53.0.6/32,US,CO,Morrison,80465,39.6081,-105.2072,751,303
10.53.0.7/32,US,AK,Ketchikan,99901,55.6153,-131.5848,747,907
1 10.53.0.1/32 US CA Redwood City 94063 37.4914 -122.2110 807 650
2 10.53.0.2/32 US CA Santa Cruz 95060 37.0448 -122.1021 828 831
3 10.53.0.3/32 US OK Oklahoma City 73120 35.5798 -97.5731 650 405
4 10.53.0.4/32 US VA Ashland 23005 37.7563 -77.4888 556 804
5 10.53.0.5/32 US GA Atlanta 30345 33.8477 -84.2814 524 404
6 10.53.0.6/32 US CO Morrison 80465 39.6081 -105.2072 751 303
7 10.53.0.7/32 US AK Ketchikan 99901 55.6153 -131.5848 747 907

BIN
bin/tests/system/geoip/data/GeoIPCity.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPCityv6.csv
View file

@ -1,7 +0,0 @@
"fd92:7065:b8e:ffff::1","fd92:7065:b8e:ffff::1","US","CA","Redwood City","94063",37.4914,-122.2110,807,650
"fd92:7065:b8e:ffff::2","fd92:7065:b8e:ffff::2","US","CA","Santa Cruz","95060",37.0448,-122.1021,828,831
"fd92:7065:b8e:ffff::3","fd92:7065:b8e:ffff::3","US","OK","Oklahoma City","73120",35.5798,-97.5731,650,405
"fd92:7065:b8e:ffff::4","fd92:7065:b8e:ffff::4","DE","07","Lotte","",52.2833,7.9167,0,0
"fd92:7065:b8e:ffff::5","fd92:7065:b8e:ffff::5","US","GA","Atlanta","30345",33.8477,-84.2814,524,404
"fd92:7065:b8e:ffff::6","fd92:7065:b8e:ffff::6","US","CO","Morrison","80465",39.6081,-105.2072,751,303
"fd92:7065:b8e:ffff::7","fd92:7065:b8e:ffff::7","US","AK","Ketchikan","99901",55.6153,-131.5848,747,907
1 fd92:7065:b8e:ffff::1 fd92:7065:b8e:ffff::1 US CA Redwood City 94063 37.4914 -122.2110 807 650
2 fd92:7065:b8e:ffff::2 fd92:7065:b8e:ffff::2 US CA Santa Cruz 95060 37.0448 -122.1021 828 831
3 fd92:7065:b8e:ffff::3 fd92:7065:b8e:ffff::3 US OK Oklahoma City 73120 35.5798 -97.5731 650 405
4 fd92:7065:b8e:ffff::4 fd92:7065:b8e:ffff::4 DE 07 Lotte 52.2833 7.9167 0 0
5 fd92:7065:b8e:ffff::5 fd92:7065:b8e:ffff::5 US GA Atlanta 30345 33.8477 -84.2814 524 404
6 fd92:7065:b8e:ffff::6 fd92:7065:b8e:ffff::6 US CO Morrison 80465 39.6081 -105.2072 751 303
7 fd92:7065:b8e:ffff::7 fd92:7065:b8e:ffff::7 US AK Ketchikan 99901 55.6153 -131.5848 747 907

BIN
bin/tests/system/geoip/data/GeoIPCityv6.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPDomain.csv
View file

@ -1,7 +0,0 @@
10.53.0.1/32 one.de
10.53.0.2/32 two.com
10.53.0.3/32 three.com
10.53.0.4/32 four.com
10.53.0.5/32 five.es
10.53.0.6/32 six.it
10.53.0.7/32 seven.org
1 10.53.0.1/32 one.de
2 10.53.0.2/32 two.com
3 10.53.0.3/32 three.com
4 10.53.0.4/32 four.com
5 10.53.0.5/32 five.es
6 10.53.0.6/32 six.it
7 10.53.0.7/32 seven.org

BIN
bin/tests/system/geoip/data/GeoIPDomain.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPISP.csv
View file

@ -1,7 +0,0 @@
10.53.0.1/32 One Systems, Inc.
10.53.0.2/32 Two Technology Ltd.
10.53.0.3/32 Three Network Labs
10.53.0.4/32 Four University
10.53.0.5/32 Five Telecom
10.53.0.6/32 Six Company
10.53.0.7/32 Seven Communications
1 10.53.0.1/32 One Systems, Inc.
2 10.53.0.2/32 Two Technology Ltd.
3 10.53.0.3/32 Three Network Labs
4 10.53.0.4/32 Four University
5 10.53.0.5/32 Five Telecom
6 10.53.0.6/32 Six Company
7 10.53.0.7/32 Seven Communications

BIN
bin/tests/system/geoip/data/GeoIPISP.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPNetSpeed.csv
View file

@ -1,7 +0,0 @@
10.53.0.1/32 0
10.53.0.2/32 1
10.53.0.3/32 2
10.53.0.4/32 3
10.53.0.5/32 0
10.53.0.6/32 1
10.53.0.7/32 2
1 10.53.0.1/32 0
2 10.53.0.2/32 1
3 10.53.0.3/32 2
4 10.53.0.4/32 3
5 10.53.0.5/32 0
6 10.53.0.6/32 1
7 10.53.0.7/32 2

BIN
bin/tests/system/geoip/data/GeoIPNetSpeed.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPOrg.csv
View file

@ -1,7 +0,0 @@
10.53.0.1/32 One Systems, Inc.
10.53.0.2/32 Two Technology Ltd.
10.53.0.3/32 Three Network Labs
10.53.0.4/32 Four University
10.53.0.5/32 Five Telecom
10.53.0.6/32 Six Company
10.53.0.7/32 Seven Communications
1 10.53.0.1/32 One Systems, Inc.
2 10.53.0.2/32 Two Technology Ltd.
3 10.53.0.3/32 Three Network Labs
4 10.53.0.4/32 Four University
5 10.53.0.5/32 Five Telecom
6 10.53.0.6/32 Six Company
7 10.53.0.7/32 Seven Communications

BIN
bin/tests/system/geoip/data/GeoIPOrg.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPRegion.csv
View file

@ -1,7 +0,0 @@
10.53.0.1/32 US CA
10.53.0.2/32 CA BC
10.53.0.3/32 US OK
10.53.0.4/32 AU
10.53.0.5/32 US CO
10.53.0.6/32 CA ON
10.53.0.7/32 NL
1 10.53.0.1/32 US CA
2 10.53.0.2/32 CA BC
3 10.53.0.3/32 US OK
4 10.53.0.4/32 AU
5 10.53.0.5/32 US CO
6 10.53.0.6/32 CA ON
7 10.53.0.7/32 NL

BIN
bin/tests/system/geoip/data/GeoIPRegion.dat
View file

Binary file not shown.

7
bin/tests/system/geoip/data/GeoIPv6.csv
View file

@ -1,7 +0,0 @@
"fd92:7065:b8e:ffff::1/128",AU
"fd92:7065:b8e:ffff::2/128",US
"fd92:7065:b8e:ffff::3/128",GB
"fd92:7065:b8e:ffff::4/128",CA
"fd92:7065:b8e:ffff::5/128",CL
"fd92:7065:b8e:ffff::6/128",DE
"fd92:7065:b8e:ffff::7/128",EH
1 fd92:7065:b8e:ffff::1/128 AU
2 fd92:7065:b8e:ffff::2/128 US
3 fd92:7065:b8e:ffff::3/128 GB
4 fd92:7065:b8e:ffff::4/128 CA
5 fd92:7065:b8e:ffff::5/128 CL
6 fd92:7065:b8e:ffff::6/128 DE
7 fd92:7065:b8e:ffff::7/128 EH

BIN
bin/tests/system/geoip/data/GeoIPv6.dat
View file

Binary file not shown.

34
bin/tests/system/geoip/data/README
View file

@ -1,34 +0,0 @@
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
The data data files in this directory are sample GeoIP databases,
generated from the corresponding CSV files. Thanks to MaxMind, Inc.
for assistance with producing these files.
Unless otherwise noted, the databases only support IPv4:
GeoIP.dat: Country (IPv4)
GeoIPv6.dat: Country (IPv6)
GeoIPCity.dat: City (IPv4)
GeoIPCityv6.dat: City (IPv6)
GeoIPRegion.dat: Region
GeoIPISP.dat: ISP
GeoIPOrg.dat: Organization
GeoIPDoain.dat: Domain Name
GeoIPASNum.dat: AS Number
GeoIPNetSpeed.dat: Net Speed
GeoIP.dat can also be egenerated using the open source 'geoip-csv-to-dat'
utility (also known in some packages as "geoip-generator"):
$ geoip-csv-to-dat -i "BIND9 geoip test data v1" -o GeoIP.dat << EOF
"10.53.0.1","10.53.0.1","171245569","171245569","AU","Australia"
"10.53.0.2","10.53.0.2","171245570","171245570","US","United States"
"10.53.0.3","10.53.0.3","171245571","171245571","GB","United Kingdom"
"10.53.0.4","10.53.0.4","171245572","171245572","CA","Canada"
"10.53.0.5","10.53.0.5","171245573","171245573","CL","Chile"
"10.53.0.6","10.53.0.6","171245574","171245574","DE","Germany"
"10.53.0.7","10.53.0.7","171245575","171245575","EH","Western Sahara"
"192.0.2.0","192.0.2.255","3221225984","3221226239","O1","Other"
EOF

19
bin/tests/system/geoip/ns2/example.db.in
View file

@ -1,19 +0,0 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2

106
bin/tests/system/geoip/ns2/named1.conf.in
View file

@ -1,106 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip db country country AU; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip db country country US; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip db country country GB; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip db country country CA; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip db country country CL; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip db country country DE; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip db country country EH; };
zone "example" {
type master;
file "example7.db";
};
};
view other {
match-clients { geoip db country country O1; };
zone "example" {
type master;
file "exampleother.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named10.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip asnum "AS100001"; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip asnum "AS100002"; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip asnum "AS100003"; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip asnum "AS100004"; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip asnum "AS100005"; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip asnum "AS100006"; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip asnum "AS100007"; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named11.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip domain one.de; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip domain two.com; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip domain three.com; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip domain four.com; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip domain five.es; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip domain six.it; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip domain seven.org; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

74
bin/tests/system/geoip/ns2/named12.conf.in
View file

@ -1,74 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip netspeed 0; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip netspeed 1; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip netspeed 2; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip netspeed 3; };
zone "example" {
type master;
file "example4.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

39
bin/tests/system/geoip/ns2/named13.conf.in
View file

@ -1,39 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
acl blocking {
geoip db country country AU;
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
blackhole { blocking; };
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

106
bin/tests/system/geoip/ns2/named14.conf.in
View file

@ -1,106 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 127.0.0.1; 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
acl gAU { geoip db country country AU; };
acl gUS { geoip db country country US; };
acl gGB { geoip db country country GB; };
acl gCA { geoip db country country CA; };
acl gCL { geoip db country country CL; };
acl gDE { geoip db country country DE; };
acl gEH { geoip db country country EH; };
view one {
match-clients { gAU; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { gUS; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { gGB; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { gCA; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { gCL; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { gDE; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { gEH; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "examplebogus.db";
};
};

49
bin/tests/system/geoip/ns2/named15.conf.in
View file

@ -1,49 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
dnssec-validation no;
geoip-directory "../data2";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view two {
match-clients { geoip country US; };
zone "example" {
type master;
file "../ns2/example2.db";
};
};
view none {
zone "example" {
type master;
file "examplebogus.db";
};
};

98
bin/tests/system/geoip/ns2/named2.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip db country country AUS; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip db country country USA; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip db country country GBR; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip db country country CAN; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip db country country CHL; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip db country country DEU; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip db country country ESH; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named3.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip db country country Australia; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip db country country "United States"; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip db country country "United Kingdom"; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip db country country Canada; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip db country country Chile; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip db country country Germany; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip db country country "Western Sahara"; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

90
bin/tests/system/geoip/ns2/named4.conf.in
View file

@ -1,90 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip region CA; };
zone "example" {
type master;
file "example1.db";
};
};
view three {
match-clients { geoip region OK; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip region VA; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip region GA; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip region CO; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip region AK; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named5.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip db region region "California"; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip db region region "British Columbia"; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip db region region "Oklahoma"; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip db region country AU; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip db region region "Colorado"; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip db region region "Ontario"; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip db region country NL; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named6.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { fd92:7065:b8e:ffff::1; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip city "Redwood City"; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip city "Santa Cruz"; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip city "Oklahoma City"; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip city "Ashland"; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip city "Atlanta"; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip city "Morrison"; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip city "Ketchikan"; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named7.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip isp "One Systems, Inc."; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip isp "Two Technology Ltd."; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip isp "Three Network Labs"; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip isp "Four University"; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip isp "Five Telecom"; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip isp "Six Company"; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip isp "Seven Communications"; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named8.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip org "One Systems, Inc."; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip org "Two Technology Ltd."; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip org "Three Network Labs"; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip org "Four University"; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip org "Five Telecom"; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip org "Six Company"; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip org "Seven Communications"; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

98
bin/tests/system/geoip/ns2/named9.conf.in
View file

@ -1,98 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
geoip-directory "../data";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
view one {
match-clients { geoip asnum "AS100001 One Systems, Inc."; };
zone "example" {
type master;
file "example1.db";
};
};
view two {
match-clients { geoip asnum "AS100002 Two Technology Ltd."; };
zone "example" {
type master;
file "example2.db";
};
};
view three {
match-clients { geoip asnum "AS100003 Three Network Labs"; };
zone "example" {
type master;
file "example3.db";
};
};
view four {
match-clients { geoip asnum "AS100004 Four University"; };
zone "example" {
type master;
file "example4.db";
};
};
view five {
match-clients { geoip asnum "AS100005 Five Telecom"; };
zone "example" {
type master;
file "example5.db";
};
};
view six {
match-clients { geoip asnum "AS100006 Six Company"; };
zone "example" {
type master;
file "example6.db";
};
};
view seven {
match-clients { geoip asnum "AS100007 Seven Communications"; };
zone "example" {
type master;
file "example7.db";
};
};
view none {
match-clients { any; };
zone "example" {
type master;
file "example.db.in";
};
};

37
bin/tests/system/geoip/options.conf
View file

@ -1,37 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS2
controls { /* empty */ };
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
geoip-directory "data";
allow-query {
geoip area 831;
geoip areacode 831;
geoip metro 828;
geoip metrocode 828;
geoip tz PST;
geoip timezone PST;
geoip postal 95060;
geoip postalcode 95060;
};
};

19
bin/tests/system/geoip/prereq.sh
View file

@ -1,19 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
$FEATURETEST --have-geoip || {
echo_i "This test requires GeoIP support." >&2
exit 255
}
exit 0

25
bin/tests/system/geoip/setup.sh
View file

@ -1,25 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
$SHELL clean.sh
copy_setports ns2/named1.conf.in ns2/named.conf
for i in 1 2 3 4 5 6 7 other bogus; do
cp ns2/example.db.in ns2/example${i}.db
echo "@ IN TXT \"$i\"" >> ns2/example$i.db
done
mkdir -p data2
cp data/GeoIPv6.dat data2/

324
bin/tests/system/geoip/tests.sh
View file

@ -1,324 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
n=0
rm -f dig.out.*
DIGOPTS="+tcp +short -p ${PORT} @10.53.0.2"
DIGOPTS6="+tcp +short -p ${PORT} @fd92:7065:b8e:ffff::2"
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
n=`expr $n + 1`
echo_i "checking GeoIP country database by code ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named2.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP country database by three-letter code ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named3.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP country database by name ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named4.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP region code, no specified database ($n)"
ret=0
lret=0
# skipping 2 on purpose here; it has the same region code as 1
for i in 1 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named5.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP region database by region name and country code ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "reloading server"
copy_setports ns2/named6.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
if $TESTSOCK6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
echo_i "checking GeoIP city database by city name using IPv6 ($n)"
ret=0
$DIG +tcp +short -p ${PORT} @fd92:7065:b8e:ffff::1 -6 txt example -b fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
else
echo_i "IPv6 unavailable; skipping"
fi
n=`expr $n + 1`
echo_i "checking GeoIP city database by city name ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named7.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP isp database ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named8.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP org database ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named9.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP asnum database ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named10.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP asnum database - ASNNNN only ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named11.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP domain database ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named12.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP netspeed database ($n)"
ret=0
lret=0
for i in 1 2 3 4; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named13.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP blackhole ACL ($n)"
ret=0
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n || ret=1
$RNDCCMD 10.53.0.2 status 2>&1 > rndc.out.ns2.test$n || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "reloading server"
copy_setports ns2/named14.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
echo_i "checking GeoIP country database by code (using nested ACLs) ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "reloading server with different geoip-directory ($n)"
copy_setports ns2/named15.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 3
awk '/using "..\/data2" as GeoIP directory/ {m=1} ; { if (m>0) { print } }' ns2/named.run | grep "GeoIP City .* DB not available" > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking GeoIP v4/v6 when only IPv6 database is available ($n)"
ret=0
$DIG $DIGOPTS -4 txt example -b 10.53.0.2 > dig.out.ns2.test$n.1 || ret=1
j=`cat dig.out.ns2.test$n.1 | tr -d '"'`
[ "$j" = "bogus" ] || ret=1
if $TESTSOCK6 fd92:7065:b8e:ffff::2; then
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n.2 || ret=1
j=`cat dig.out.ns2.test$n.2 | tr -d '"'`
[ "$j" = "2" ] || ret=1
fi
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking other GeoIP options are parsed correctly ($n)"
ret=0
$CHECKCONF options.conf || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

9
config.h.in
View file

@ -168,18 +168,9 @@
/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
#undef HAVE_FSEEKO
/* Build with GeoIP support */
#undef HAVE_GEOIP
/* Build with GeoIP2 support */
#undef HAVE_GEOIP2
/* Build with GeoIP City IPv6 support */
#undef HAVE_GEOIP_CITY_V6
/* Build with GeoIP Country IPv6 support */
#undef HAVE_GEOIP_V6
/* Define to 1 if you have the `getc_unlocked' function. */
#undef HAVE_GETC_UNLOCKED

9
config.h.win32
View file

@ -313,15 +313,12 @@ typedef __int64 off_t;
/* Build with GeoIP support */
@HAVE_GEOIP@
/* Build with GeoIP2 support */
@HAVE_GEOIP2@
/* define if idnkit support is to be included. */
@WITH_IDN@
/* Build with GeoIP City IPv6 support */
@HAVE_GEOIP_CITY_V6@
/* Build with GeoIP Country IPv6 support */
@HAVE_GEOIP_V6@
/* Define if zlib was found */
@HAVE_ZLIB@

298
configure vendored
View file

@ -752,8 +752,6 @@ PTHREAD_CFLAGS
PTHREAD_LIBS
PTHREAD_CC
ax_pthread_config
GEOIPLINKOBJS
GEOIPLINKSRCS
GEOIP2LINKOBJS
GEOIP2LINKSRCS
MAXMINDDB_PREFIX
@ -852,6 +850,7 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
@ -904,7 +903,6 @@ with_python_install_dir
enable_kqueue
enable_epoll
enable_devpoll
with_geoip
with_geoip2
with_locktype
with_libtool
@ -1019,6 +1017,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1271,6 +1270,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@ -1408,7 +1416,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@ -1561,6 +1569,7 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@ -1651,9 +1660,8 @@ Optional Packages:
--with-python=PATH specify path to Python interpreter
--with-python-install-dir=PATH
installation directory for Python modules
--with-geoip=PATH Build with legacy GeoIP support (yes|no|path)
--with-geoip2=PATH Build with MaxMind GeoIP2 support (auto|yes|no|path)
[default=$geoip2_default]
[default=auto]
--with-locktype=ARG Specify mutex lock type (adaptive or standard)
--with-libtool use GNU libtool
--with-openssl=DIR root of the OpenSSL directory
@ -3997,7 +4005,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4043,7 +4051,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4067,7 +4075,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4112,7 +4120,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4136,7 +4144,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -14436,37 +14444,16 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
#
# GeoIP support?
#
geoip2_default="auto"
# Check whether --with-geoip was given.
if test "${with_geoip+set}" = set; then :
withval=$with_geoip;
use_geoip="$withval"
geoip2_default="no"
else
use_geoip="no"
fi
# Check whether --with-geoip2 was given.
if test "${with_geoip2+set}" = set; then :
withval=$with_geoip2;
else
with_geoip2="$geoip2_default"
with_geoip2="auto"
fi
# --with-geoip2 should be turned on by default if the library exists.
#
# --with-geoip is not on by default, but can be turned on if the library
# exists. if it is turned on, --with-geoip2 is suppressed.
#
# specifying both --with-geoip and --with-geoip2 is an error.
if test "no" != "$with_geoip2" && test "no" != "$use_geoip"; then :
as_fn_error $? "--with-geoip and --with-geoip2 are incompatible" "$LINENO" 5
fi
GEOIP2LINKSRCS=
GEOIP2LINKOBJS=
case $with_geoip2 in #(
@ -14843,250 +14830,6 @@ esac
GEOIPLINKSRCS=
GEOIPLINKOBJS=
if test "yes" = "$use_geoip"
then
for d in /usr /usr/local /opt/local
do
if test -f $d/include/GeoIP.h
then
use_geoip=$d
break
fi
done
fi
case "$use_geoip" in
no|'')
;;
*)
if test -d "$use_geoip" -o -L "$use_geoip"
then
CFLAGS="$CFLAGS -I$use_geoip/include"
CPPFLAGS="$CPPFLAGS -I$use_geoip/include"
LIBS="$LIBS -L$use_geoip/lib"
case "$host_os" in
netbsd*|openbsd*|solaris*)
LIBS="$LIBS -Wl,-rpath=$use_geoip/lib"
;;
esac
elif test "yes" = "$use_geoip"
then
as_fn_error $? "GeoIP path not found" "$LINENO" 5
else
as_fn_error $? "GeoIP path $use_geoip does not exist" "$LINENO" 5
fi
ac_fn_c_check_header_mongrel "$LINENO" "GeoIP.h" "ac_cv_header_GeoIP_h" "$ac_includes_default"
if test "x$ac_cv_header_GeoIP_h" = xyes; then :
else
as_fn_error $? "GeoIP header file not found" "$LINENO" 5
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing GeoIP_id_by_addr_gl" >&5
$as_echo_n "checking for library containing GeoIP_id_by_addr_gl... " >&6; }
if ${ac_cv_search_GeoIP_id_by_addr_gl+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char GeoIP_id_by_addr_gl ();
int
main ()
{
return GeoIP_id_by_addr_gl ();
;
return 0;
}
_ACEOF
for ac_lib in '' GeoIP; do
if test -z "$ac_lib"; then
ac_res="none required"
else
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_search_GeoIP_id_by_addr_gl=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_GeoIP_id_by_addr_gl+:} false; then :
break
fi
done
if ${ac_cv_search_GeoIP_id_by_addr_gl+:} false; then :
else
ac_cv_search_GeoIP_id_by_addr_gl=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_GeoIP_id_by_addr_gl" >&5
$as_echo "$ac_cv_search_GeoIP_id_by_addr_gl" >&6; }
ac_res=$ac_cv_search_GeoIP_id_by_addr_gl
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
else
as_fn_error $? "suitable GeoIP library not found" "$LINENO" 5
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fabsf" >&5
$as_echo_n "checking for library containing fabsf... " >&6; }
if ${ac_cv_search_fabsf+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char fabsf ();
int
main ()
{
return fabsf ();
;
return 0;
}
_ACEOF
for ac_lib in '' m; do
if test -z "$ac_lib"; then
ac_res="none required"
else
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_search_fabsf=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_fabsf+:} false; then :
break
fi
done
if ${ac_cv_search_fabsf+:} false; then :
else
ac_cv_search_fabsf=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fabsf" >&5
$as_echo "$ac_cv_search_fabsf" >&6; }
ac_res=$ac_cv_search_fabsf
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
else
as_fn_error $? "Math library not found" "$LINENO" 5
fi
$as_echo "#define HAVE_GEOIP 1" >>confdefs.h
GEOIPLINKSRCS='${GEOIPLINKSRCS}'
GEOIPLINKOBJS='${GEOIPLINKOBJS}'
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GeoIP support" >&5
$as_echo_n "checking for GeoIP support... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GeoIP Country IPv6 support" >&5
$as_echo_n "checking for GeoIP Country IPv6 support... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <GeoIP.h>
#include <netinet/in.h>
int
main ()
{
struct in6_addr in6;
GeoIP_country_name_by_ipnum_v6(NULL, in6);
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
$as_echo "#define HAVE_GEOIP_V6 1" >>confdefs.h
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GeoIP City IPv6 support" >&5
$as_echo_n "checking for GeoIP City IPv6 support... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <GeoIP.h>
#include <GeoIPCity.h>
#include <netinet/in.h>
int
main ()
{
struct in6_addr in6;
int i = GEOIP_CITY_EDITION_REV0_V6;
GeoIP_record_by_ipnum_v6(NULL, in6);
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
$as_echo "#define HAVE_GEOIP_CITY_V6 1" >>confdefs.h
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
;;
esac
#
# Do we have arc4random(), etc ?
@ -25731,7 +25474,6 @@ report() {
test "no" = "$use_dnstap" || \
echo " Allow 'dnstap' packet logging (--enable-dnstap)"
test -z "$MAXMINDDB_LIBS" || echo " GeoIP2 access control (--with-geoip2)"
test "no" = "$use_geoip" || echo " Legacy GeoIP access control (--with-geoip)"
test "no" = "$use_gssapi" || echo " GSS-API (--with-gssapi)"
if test "yes" = "$enable_full_report" -o "aes" != "$with_cc_alg"; then
echo " Algorithm: $with_cc_alg"

108
configure.ac
View file

@ -510,29 +510,12 @@ AC_C_BIGENDIAN
#
# GeoIP support?
#
geoip2_default="auto"
AC_ARG_WITH(geoip,
AS_HELP_STRING([--with-geoip=PATH],
[Build with legacy GeoIP support (yes|no|path)]),
[
use_geoip="$withval"
geoip2_default="no"
],
[use_geoip="no"])
AC_ARG_WITH([geoip2],
[AS_HELP_STRING([--with-geoip2=PATH],
[Build with MaxMind GeoIP2 support (auto|yes|no|path) [default=$geoip2_default]])],
[], with_geoip2="$geoip2_default")
[Build with MaxMind GeoIP2 support (auto|yes|no|path) [default=auto]])],
[], with_geoip2="auto")
# --with-geoip2 should be turned on by default if the library exists.
#
# --with-geoip is not on by default, but can be turned on if the library
# exists. if it is turned on, --with-geoip2 is suppressed.
#
# specifying both --with-geoip and --with-geoip2 is an error.
AS_IF([test "no" != "$with_geoip2" && test "no" != "$use_geoip"],
[AC_MSG_ERROR([--with-geoip and --with-geoip2 are incompatible])])
GEOIP2LINKSRCS=
GEOIP2LINKOBJS=
AS_CASE([$with_geoip2],
@ -571,92 +554,6 @@ AC_SUBST([MAXMINDDB_LIBS])
AC_SUBST([GEOIP2LINKSRCS])
AC_SUBST([GEOIP2LINKOBJS])
GEOIPLINKSRCS=
GEOIPLINKOBJS=
if test "yes" = "$use_geoip"
then
for d in /usr /usr/local /opt/local
do
if test -f $d/include/GeoIP.h
then
use_geoip=$d
break
fi
done
fi
case "$use_geoip" in
no|'')
;;
*)
if test -d "$use_geoip" -o -L "$use_geoip"
then
CFLAGS="$CFLAGS -I$use_geoip/include"
CPPFLAGS="$CPPFLAGS -I$use_geoip/include"
LIBS="$LIBS -L$use_geoip/lib"
case "$host_os" in
netbsd*|openbsd*|solaris*)
LIBS="$LIBS -Wl,-rpath=$use_geoip/lib"
;;
esac
elif test "yes" = "$use_geoip"
then
AC_MSG_ERROR([GeoIP path not found])
else
AC_MSG_ERROR([GeoIP path $use_geoip does not exist])
fi
AC_CHECK_HEADER(GeoIP.h, [],
[AC_MSG_ERROR([GeoIP header file not found])]
)
AC_SEARCH_LIBS(GeoIP_id_by_addr_gl, GeoIP, [],
[AC_MSG_ERROR([suitable GeoIP library not found])]
)
AC_SEARCH_LIBS(fabsf, m, [],
[AC_MSG_ERROR([Math library not found])]
)
AC_DEFINE(HAVE_GEOIP, 1, Build with GeoIP support)
GEOIPLINKSRCS='${GEOIPLINKSRCS}'
GEOIPLINKOBJS='${GEOIPLINKOBJS}'
AC_MSG_CHECKING([for GeoIP support])
AC_MSG_RESULT([yes])
AC_MSG_CHECKING([for GeoIP Country IPv6 support])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([
#include <GeoIP.h>
#include <netinet/in.h>
], [
struct in6_addr in6;
GeoIP_country_name_by_ipnum_v6(NULL, in6);
])],
[
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_GEOIP_V6, 1, Build with GeoIP Country IPv6 support)
],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for GeoIP City IPv6 support])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([
#include <GeoIP.h>
#include <GeoIPCity.h>
#include <netinet/in.h>
], [
struct in6_addr in6;
int i = GEOIP_CITY_EDITION_REV0_V6;
GeoIP_record_by_ipnum_v6(NULL, in6);
])],
[
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_GEOIP_CITY_V6, 1, Build with GeoIP City IPv6 support)
],
[AC_MSG_RESULT([no])]
)
;;
esac
AC_SUBST(GEOIPLINKSRCS)
AC_SUBST(GEOIPLINKOBJS)
#
# Do we have arc4random(), etc ?
@ -3010,7 +2907,6 @@ report() {
test "no" = "$use_dnstap" || \
echo " Allow 'dnstap' packet logging (--enable-dnstap)"
test -z "$MAXMINDDB_LIBS" || echo " GeoIP2 access control (--with-geoip2)"
test "no" = "$use_geoip" || echo " Legacy GeoIP access control (--with-geoip)"
test "no" = "$use_gssapi" || echo " GSS-API (--with-gssapi)"
if test "yes" = "$enable_full_report" -o "aes" != "$with_cc_alg"; then
echo " Algorithm: $with_cc_alg"

6
lib/dns/Makefile.in
View file

@ -54,7 +54,6 @@ DSTOBJS = @DST_EXTRA_OBJS@ \
pkcs11ecdsa_link.@O@ pkcs11eddsa_link.@O@ pkcs11.@O@ \
key.@O@
GEOIPLINKOBJS = geoip.@O@
GEOIP2LINKOBJS = geoip2.@O@
DNSTAPOBJS = dnstap.@O@ dnstap.pb-c.@O@
@ -82,7 +81,7 @@ DNSOBJS = acl.@O@ adb.@O@ badcache.@O@ byaddr.@O@ \
PORTDNSOBJS = client.@O@ ecdb.@O@
OBJS= @DNSTAPOBJS@ ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS} \
${PORTDNSOBJS} @GEOIPLINKOBJS@ @GEOIP2LINKOBJS@
${PORTDNSOBJS} @GEOIP2LINKOBJS@
DSTSRCS = @DST_EXTRA_SRCS@ @PKCS11LINKSRCS@ \
dst_api.c dst_parse.c \
@ -93,7 +92,6 @@ DSTSRCS = @DST_EXTRA_SRCS@ @PKCS11LINKSRCS@ \
pkcs11ecdsa_link.c pkcs11eddsa_link.c pkcs11.c \
key.c
GEOIPLINKSRCS = geoip.c
GEOIPL2INKSRCS = geoip2.c
DNSTAPSRCS = dnstap.c dnstap.pb-c.c
@ -118,7 +116,7 @@ DNSSRCS = acl.c adb.c badcache. byaddr.c \
PORTDNSSRCS = client.c ecdb.c
SRCS = ${DSTSRCS} ${DNSSRCS} \
${PORTDNSSRCS} @DNSTAPSRCS@ @GEOIPLINKSRCS@ @GEOIP2LINKSRCS@
${PORTDNSSRCS} @DNSTAPSRCS@ @GEOIP2LINKSRCS@
SUBDIRS = include
TARGETS = timestamp

10
lib/dns/acl.c
View file

@ -329,7 +329,7 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, bool pos)
return result;
}
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
/* Duplicate GeoIP data */
if (source->elements[i].type == dns_aclelementtype_geoip) {
dest->elements[nelem + i].geoip_elem =
@ -407,7 +407,7 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr,
inner = env->localnets;
break;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
case dns_aclelementtype_geoip:
if (env == NULL || env->geoip == NULL)
return (false);
@ -583,7 +583,7 @@ dns_acl_isinsecure(const dns_acl_t *a) {
return (true);
continue;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
case dns_aclelementtype_geoip:
#endif
case dns_aclelementtype_localnets:
@ -636,7 +636,7 @@ dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) {
if (result != ISC_R_SUCCESS)
goto cleanup_localhost;
env->match_mapped = false;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
env->geoip = NULL;
#endif
return (ISC_R_SUCCESS);
@ -654,7 +654,7 @@ dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s) {
dns_acl_detach(&t->localnets);
dns_acl_attach(s->localnets, &t->localnets);
t->match_mapped = s->match_mapped;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
t->geoip = s->geoip;
#endif
}

827
lib/dns/geoip.c
View file

@ -1,827 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <inttypes.h>
#include <stdbool.h>
#include <isc/util.h>
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/string.h>
#include <dns/acl.h>
#include <dns/geoip.h>
#include <isc/thread.h>
#include <math.h>
#ifndef WIN32
#include <netinet/in.h>
#else
#ifndef _WINSOCKAPI_
#define _WINSOCKAPI_ /* Prevent inclusion of winsock.h in windows.h */
#endif
#include <winsock2.h>
#endif /* WIN32 */
#include <dns/log.h>
#ifdef HAVE_GEOIP
#include <GeoIP.h>
#include <GeoIPCity.h>
/*
* This structure preserves state from the previous GeoIP lookup,
* so that successive lookups for the same data from the same IP
* address will not require repeated calls into the GeoIP library
* to look up data in the database. This should improve performance
* somewhat.
*
* For lookups in the City and Region databases, we preserve pointers
* to the GeoIPRecord and GeoIPregion structures; these will need to be
* freed by GeoIPRecord_delete() and GeoIPRegion_delete().
*
* for lookups in ISP, AS, Org and Domain we prserve a pointer to
* the returned name; these must be freed by free().
*
* For lookups in Country we preserve a pointer to the text of
* the country code, name, etc (we use a different pointer for this
* than for the names returned by Org, ISP, etc, because those need
* to be freed but country lookups do not).
*
* For lookups in Netspeed we preserve the returned ID.
*
* XXX: Currently this mechanism is only used for IPv4 lookups; the
* family and addr6 fields are to be used IPv6 is added.
*/
typedef struct geoip_state {
uint16_t subtype;
unsigned int family;
uint32_t ipnum;
geoipv6_t ipnum6;
GeoIPRecord *record;
GeoIPRegion *region;
const char *text;
char *name;
int id;
isc_mem_t *mctx;
} geoip_state_t;
static isc_mutex_t key_mutex;
static bool state_key_initialized = false;
static isc_thread_key_t state_key;
static isc_once_t mutex_once = ISC_ONCE_INIT;
static isc_mem_t *state_mctx = NULL;
static void
key_mutex_init(void) {
isc_mutex_init(&key_mutex);
}
static void
free_state(void *arg) {
geoip_state_t *state = arg;
if (state != NULL && state->record != NULL)
GeoIPRecord_delete(state->record);
if (state != NULL)
isc_mem_putanddetach(&state->mctx,
state, sizeof(geoip_state_t));
isc_thread_key_setspecific(state_key, NULL);
}
static isc_result_t
state_key_init(void) {
isc_result_t result;
result = isc_once_do(&mutex_once, key_mutex_init);
if (result != ISC_R_SUCCESS)
return (result);
if (!state_key_initialized) {
LOCK(&key_mutex);
if (!state_key_initialized) {
int ret;
if (state_mctx == NULL)
result = isc_mem_create(0, 0, &state_mctx);
if (result != ISC_R_SUCCESS)
goto unlock;
isc_mem_setname(state_mctx, "geoip_state", NULL);
isc_mem_setdestroycheck(state_mctx, false);
ret = isc_thread_key_create(&state_key, free_state);
if (ret == 0)
state_key_initialized = true;
else
result = ISC_R_FAILURE;
}
unlock:
UNLOCK(&key_mutex);
}
return (result);
}
static void
clean_state(geoip_state_t *state) {
if (state == NULL)
return;
if (state->record != NULL) {
GeoIPRecord_delete(state->record);
state->record = NULL;
}
if (state->region != NULL) {
GeoIPRegion_delete(state->region);
state->region = NULL;
}
if (state->name != NULL) {
free (state->name);
state->name = NULL;
}
state->ipnum = 0;
state->text = NULL;
state->id = 0;
}
static isc_result_t
set_state(unsigned int family, uint32_t ipnum, const geoipv6_t *ipnum6,
dns_geoip_subtype_t subtype, GeoIPRecord *record,
GeoIPRegion *region, char *name, const char *text, int id)
{
geoip_state_t *state = NULL;
isc_result_t result;
result = state_key_init();
if (result != ISC_R_SUCCESS)
return (result);
state = (geoip_state_t *) isc_thread_key_getspecific(state_key);
if (state == NULL) {
state = (geoip_state_t *) isc_mem_get(state_mctx,
sizeof(geoip_state_t));
if (state == NULL)
return (ISC_R_NOMEMORY);
memset(state, 0, sizeof(*state));
result = isc_thread_key_setspecific(state_key, state);
if (result != ISC_R_SUCCESS) {
isc_mem_put(state_mctx, state, sizeof(geoip_state_t));
return (result);
}
isc_mem_attach(state_mctx, &state->mctx);
} else
clean_state(state);
if (family == AF_INET) {
state->ipnum = ipnum;
} else {
INSIST(ipnum6 != NULL);
state->ipnum6 = *ipnum6;
}
state->family = family;
state->subtype = subtype;
state->record = record;
state->region = region;
state->name = name;
state->text = text;
state->id = id;
return (ISC_R_SUCCESS);
}
static geoip_state_t *
get_state_for(unsigned int family, uint32_t ipnum,
const geoipv6_t *ipnum6)
{
geoip_state_t *state;
isc_result_t result;
result = state_key_init();
if (result != ISC_R_SUCCESS)
return (NULL);
state = (geoip_state_t *) isc_thread_key_getspecific(state_key);
if (state == NULL)
return (NULL);
if (state->family == family &&
((state->family == AF_INET && state->ipnum == ipnum) ||
(state->family == AF_INET6 && ipnum6 != NULL &&
memcmp(state->ipnum6.s6_addr, ipnum6->s6_addr, 16) == 0)))
return (state);
return (NULL);
}
/*
* Country lookups are performed if the previous lookup was from a
* different IP address than the current, or was for a search of a
* different subtype.
*/
static const char *
country_lookup(GeoIP *db, dns_geoip_subtype_t subtype,
unsigned int family,
uint32_t ipnum, const geoipv6_t *ipnum6)
{
geoip_state_t *prev_state = NULL;
const char *text = NULL;
REQUIRE(db != NULL);
#ifndef HAVE_GEOIP_V6
/* no IPv6 support? give up now */
if (family == AF_INET6)
return (NULL);
#endif
prev_state = get_state_for(family, ipnum, ipnum6);
if (prev_state != NULL && prev_state->subtype == subtype) {
text = prev_state->text;
}
if (text == NULL) {
switch (subtype) {
case dns_geoip_country_code:
if (family == AF_INET)
text = GeoIP_country_code_by_ipnum(db, ipnum);
#ifdef HAVE_GEOIP_V6
else
text = GeoIP_country_code_by_ipnum_v6(db,
*ipnum6);
#endif
break;
case dns_geoip_country_code3:
if (family == AF_INET)
text = GeoIP_country_code3_by_ipnum(db, ipnum);
#ifdef HAVE_GEOIP_V6
else
text = GeoIP_country_code3_by_ipnum_v6(db,
*ipnum6);
#endif
break;
case dns_geoip_country_name:
if (family == AF_INET)
text = GeoIP_country_name_by_ipnum(db, ipnum);
#ifdef HAVE_GEOIP_V6
else
text = GeoIP_country_name_by_ipnum_v6(db,
*ipnum6);
#endif
break;
default:
INSIST(0);
ISC_UNREACHABLE();
}
if (text == NULL)
return (NULL);
set_state(family, ipnum, ipnum6, subtype,
NULL, NULL, NULL, text, 0);
}
return (text);
}
static char *
city_string(GeoIPRecord *record, dns_geoip_subtype_t subtype, int *maxlen) {
const char *s;
char *deconst;
REQUIRE(record != NULL);
REQUIRE(maxlen != NULL);
/* Set '*maxlen' to the maximum length of this subtype, if any */
switch (subtype) {
case dns_geoip_city_countrycode:
case dns_geoip_city_region:
case dns_geoip_city_continentcode:
*maxlen = 2;
break;
case dns_geoip_city_countrycode3:
*maxlen = 3;
break;
default:
/* No fixed length; just use strcasecmp() for comparison */
*maxlen = 255;
}
switch (subtype) {
case dns_geoip_city_countrycode:
return (record->country_code);
case dns_geoip_city_countrycode3:
return (record->country_code3);
case dns_geoip_city_countryname:
return (record->country_name);
case dns_geoip_city_region:
return (record->region);
case dns_geoip_city_regionname:
s = GeoIP_region_name_by_code(record->country_code,
record->region);
DE_CONST(s, deconst);
return (deconst);
case dns_geoip_city_name:
return (record->city);
case dns_geoip_city_postalcode:
return (record->postal_code);
case dns_geoip_city_continentcode:
return (record->continent_code);
case dns_geoip_city_timezonecode:
s = GeoIP_time_zone_by_country_and_region(record->country_code,
record->region);
DE_CONST(s, deconst);
return (deconst);
default:
INSIST(0);
ISC_UNREACHABLE();
}
}
static bool
is_city(dns_geoip_subtype_t subtype) {
switch (subtype) {
case dns_geoip_city_countrycode:
case dns_geoip_city_countrycode3:
case dns_geoip_city_countryname:
case dns_geoip_city_region:
case dns_geoip_city_regionname:
case dns_geoip_city_name:
case dns_geoip_city_postalcode:
case dns_geoip_city_continentcode:
case dns_geoip_city_timezonecode:
case dns_geoip_city_metrocode:
case dns_geoip_city_areacode:
return (true);
default:
return (false);
}
}
/*
* GeoIPRecord lookups are performed if the previous lookup was
* from a different IP address than the current, or was for a search
* outside the City database.
*/
static GeoIPRecord *
city_lookup(GeoIP *db, dns_geoip_subtype_t subtype,
unsigned int family, uint32_t ipnum,
const geoipv6_t *ipnum6)
{
GeoIPRecord *record = NULL;
geoip_state_t *prev_state = NULL;
REQUIRE(db != NULL);
#ifndef HAVE_GEOIP_V6
/* no IPv6 support? give up now */
if (family == AF_INET6)
return (NULL);
#endif
prev_state = get_state_for(family, ipnum, ipnum6);
if (prev_state != NULL && is_city(prev_state->subtype)) {
record = prev_state->record;
}
if (record == NULL) {
if (family == AF_INET)
record = GeoIP_record_by_ipnum(db, ipnum);
#ifdef HAVE_GEOIP_V6
else
record = GeoIP_record_by_ipnum_v6(db, *ipnum6);
#endif
if (record == NULL)
return (NULL);
set_state(family, ipnum, ipnum6, subtype, record,
NULL, NULL, NULL, 0);
}
return (record);
}
static char * region_string(GeoIPRegion *region, dns_geoip_subtype_t subtype, int *maxlen) {
const char *s;
char *deconst;
REQUIRE(region != NULL);
REQUIRE(maxlen != NULL);
switch (subtype) {
case dns_geoip_region_countrycode:
*maxlen = 2;
return (region->country_code);
case dns_geoip_region_code:
*maxlen = 2;
return (region->region);
case dns_geoip_region_name:
*maxlen = 255;
s = GeoIP_region_name_by_code(region->country_code,
region->region);
DE_CONST(s, deconst);
return (deconst);
default:
INSIST(0);
ISC_UNREACHABLE();
}
}
static bool
is_region(dns_geoip_subtype_t subtype) {
switch (subtype) {
case dns_geoip_region_countrycode:
case dns_geoip_region_code:
return (true);
default:
return (false);
}
}
/*
* GeoIPRegion lookups are performed if the previous lookup was
* from a different IP address than the current, or was for a search
* outside the Region database.
*/
static GeoIPRegion *
region_lookup(GeoIP *db, dns_geoip_subtype_t subtype, uint32_t ipnum) {
GeoIPRegion *region = NULL;
geoip_state_t *prev_state = NULL;
REQUIRE(db != NULL);
prev_state = get_state_for(AF_INET, ipnum, NULL);
if (prev_state != NULL && is_region(prev_state->subtype)) {
region = prev_state->region;
}
if (region == NULL) {
region = GeoIP_region_by_ipnum(db, ipnum);
if (region == NULL)
return (NULL);
set_state(AF_INET, ipnum, NULL, subtype, NULL,
region, NULL, NULL, 0);
}
return (region);
}
/*
* ISP, Organization, AS Number and Domain lookups are performed if
* the previous lookup was from a different IP address than the current,
* or was for a search of a different subtype.
*/
static char *
name_lookup(GeoIP *db, dns_geoip_subtype_t subtype, uint32_t ipnum) {
char *name = NULL;
geoip_state_t *prev_state = NULL;
REQUIRE(db != NULL);
prev_state = get_state_for(AF_INET, ipnum, NULL);
if (prev_state != NULL && prev_state->subtype == subtype) {
name = prev_state->name;
}
if (name == NULL) {
name = GeoIP_name_by_ipnum(db, ipnum);
if (name == NULL)
return (NULL);
set_state(AF_INET, ipnum, NULL, subtype, NULL, NULL,
name, NULL, 0);
}
return (name);
}
/*
* Netspeed lookups are performed if the previous lookup was from a
* different IP address than the current, or was for a search of a
* different subtype.
*/
static int
netspeed_lookup(GeoIP *db, dns_geoip_subtype_t subtype, uint32_t ipnum) {
geoip_state_t *prev_state = NULL;
bool found = false;
int id = -1;
REQUIRE(db != NULL);
prev_state = get_state_for(AF_INET, ipnum, NULL);
if (prev_state != NULL && prev_state->subtype == subtype) {
id = prev_state->id;
found = true;
}
if (!found) {
id = GeoIP_id_by_ipnum(db, ipnum);
if (id == 0)
return (0);
set_state(AF_INET, ipnum, NULL, subtype, NULL,
NULL, NULL, NULL, id);
}
return (id);
}
#endif /* HAVE_GEOIP */
#define DB46(addr, geoip, name) \
((addr->family == AF_INET) ? (geoip->name##_v4) : (geoip->name##_v6))
#ifdef HAVE_GEOIP
/*
* Find the best database to answer a generic subtype
*/
static dns_geoip_subtype_t
fix_subtype(const isc_netaddr_t *reqaddr, const dns_geoip_databases_t *geoip,
dns_geoip_subtype_t subtype)
{
dns_geoip_subtype_t ret = subtype;
switch (subtype) {
case dns_geoip_countrycode:
if (DB46(reqaddr, geoip, city) != NULL)
ret = dns_geoip_city_countrycode;
else if (reqaddr->family == AF_INET && geoip->region != NULL)
ret = dns_geoip_region_countrycode;
else if (DB46(reqaddr, geoip, country) != NULL)
ret = dns_geoip_country_code;
break;
case dns_geoip_countrycode3:
if (DB46(reqaddr, geoip, city) != NULL)
ret = dns_geoip_city_countrycode3;
else if (DB46(reqaddr, geoip, country) != NULL)
ret = dns_geoip_country_code3;
break;
case dns_geoip_countryname:
if (DB46(reqaddr, geoip, city) != NULL)
ret = dns_geoip_city_countryname;
else if (DB46(reqaddr, geoip, country) != NULL)
ret = dns_geoip_country_name;
break;
case dns_geoip_region:
if (DB46(reqaddr, geoip, city) != NULL)
ret = dns_geoip_city_region;
else if (reqaddr->family == AF_INET && geoip->region != NULL)
ret = dns_geoip_region_code;
break;
case dns_geoip_regionname:
if (DB46(reqaddr, geoip, city) != NULL)
ret = dns_geoip_city_regionname;
else if (reqaddr->family == AF_INET && geoip->region != NULL)
ret = dns_geoip_region_name;
break;
default:
break;
}
return (ret);
}
#endif /* HAVE_GEOIP */
bool
dns_geoip_match(const isc_netaddr_t *reqaddr,
const dns_geoip_databases_t *geoip,
const dns_geoip_elem_t *elt)
{
#ifndef HAVE_GEOIP
UNUSED(reqaddr);
UNUSED(geoip);
UNUSED(elt);
return (false);
#else
GeoIP *db;
GeoIPRecord *record;
GeoIPRegion *region;
dns_geoip_subtype_t subtype;
uint32_t ipnum = 0;
int maxlen = 0, id, family;
const char *cs;
char *s;
#ifdef HAVE_GEOIP_V6
const geoipv6_t *ipnum6 = NULL;
#else
const void *ipnum6 = NULL;
#endif
INSIST(geoip != NULL);
family = reqaddr->family;
switch (family) {
case AF_INET:
ipnum = ntohl(reqaddr->type.in.s_addr);
break;
case AF_INET6:
#ifdef HAVE_GEOIP_V6
ipnum6 = &reqaddr->type.in6;
break;
#else
return (false);
#endif
default:
return (false);
}
subtype = fix_subtype(reqaddr, geoip, elt->subtype);
switch (subtype) {
case dns_geoip_country_code:
maxlen = 2;
goto getcountry;
case dns_geoip_country_code3:
maxlen = 3;
goto getcountry;
case dns_geoip_country_name:
maxlen = 255;
getcountry:
db = DB46(reqaddr, geoip, country);
if (db == NULL)
return (false);
INSIST(elt->as_string != NULL);
cs = country_lookup(db, subtype, family, ipnum, ipnum6);
if (cs != NULL && strncasecmp(elt->as_string, cs, maxlen) == 0)
return (true);
break;
case dns_geoip_city_countrycode:
case dns_geoip_city_countrycode3:
case dns_geoip_city_countryname:
case dns_geoip_city_region:
case dns_geoip_city_regionname:
case dns_geoip_city_name:
case dns_geoip_city_postalcode:
case dns_geoip_city_continentcode:
case dns_geoip_city_timezonecode:
INSIST(elt->as_string != NULL);
db = DB46(reqaddr, geoip, city);
if (db == NULL)
return (false);
record = city_lookup(db, subtype, family,
ipnum, ipnum6);
if (record == NULL)
break;
s = city_string(record, subtype, &maxlen);
INSIST(maxlen != 0);
if (s != NULL && strncasecmp(elt->as_string, s, maxlen) == 0)
return (true);
break;
case dns_geoip_city_metrocode:
db = DB46(reqaddr, geoip, city);
if (db == NULL)
return (false);
record = city_lookup(db, subtype, family,
ipnum, ipnum6);
if (record == NULL)
break;
if (elt->as_int == record->metro_code)
return (true);
break;
case dns_geoip_city_areacode:
db = DB46(reqaddr, geoip, city);
if (db == NULL)
return (false);
record = city_lookup(db, subtype, family,
ipnum, ipnum6);
if (record == NULL)
break;
if (elt->as_int == record->area_code)
return (true);
break;
case dns_geoip_region_countrycode:
case dns_geoip_region_code:
case dns_geoip_region_name:
case dns_geoip_region:
if (geoip->region == NULL)
return (false);
INSIST(elt->as_string != NULL);
/* Region DB is not supported for IPv6 */
if (family == AF_INET6)
return (false);
region = region_lookup(geoip->region, subtype, ipnum);
if (region == NULL)
break;
s = region_string(region, subtype, &maxlen);
INSIST(maxlen != 0);
if (s != NULL && strncasecmp(elt->as_string, s, maxlen) == 0)
return (true);
break;
case dns_geoip_isp_name:
db = geoip->isp;
goto getname;
case dns_geoip_org_name:
db = geoip->org;
goto getname;
case dns_geoip_as_asnum:
db = geoip->as;
goto getname;
case dns_geoip_domain_name:
db = geoip->domain;
getname:
if (db == NULL)
return (false);
INSIST(elt->as_string != NULL);
/* ISP, Org, AS, and Domain are not supported for IPv6 */
if (family == AF_INET6)
return (false);
s = name_lookup(db, subtype, ipnum);
if (s != NULL) {
size_t l;
if (strcasecmp(elt->as_string, s) == 0)
return (true);
if (subtype != dns_geoip_as_asnum)
break;
/*
* Just check if the ASNNNN value matches.
*/
l = strlen(elt->as_string);
if (l > 0U && strchr(elt->as_string, ' ') == NULL &&
strncasecmp(elt->as_string, s, l) == 0 &&
s[l] == ' ')
return (true);
}
break;
case dns_geoip_netspeed_id:
INSIST(geoip->netspeed != NULL);
/* Netspeed DB is not supported for IPv6 */
if (family == AF_INET6)
return (false);
id = netspeed_lookup(geoip->netspeed, subtype, ipnum);
if (id == elt->as_int)
return (true);
break;
case dns_geoip_countrycode:
case dns_geoip_countrycode3:
case dns_geoip_countryname:
case dns_geoip_regionname:
/*
* If these were not remapped by fix_subtype(),
* the database was unavailable. Always return false.
*/
break;
default:
INSIST(0);
ISC_UNREACHABLE();
}
return (false);
#endif
}
void
dns_geoip_shutdown(void) {
#ifdef HAVE_GEOIP
GeoIP_cleanup();
if (state_mctx != NULL)
isc_mem_detach(&state_mctx);
#else
return;
#endif
}

14
lib/dns/include/dns/acl.h
View file

@ -32,9 +32,7 @@
#include <isc/netaddr.h>
#include <isc/refcount.h>
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#include <dns/geoip.h>
#endif
#include <dns/name.h>
#include <dns/types.h>
#include <dns/iptable.h>
@ -49,9 +47,9 @@ typedef enum {
dns_aclelementtype_nestedacl,
dns_aclelementtype_localhost,
dns_aclelementtype_localnets,
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
dns_aclelementtype_geoip,
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
dns_aclelementtype_any
} dns_aclelementtype_t;
@ -66,9 +64,9 @@ struct dns_aclelement {
dns_aclelementtype_t type;
bool negative;
dns_name_t keyname;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
dns_geoip_elem_t geoip_elem;
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
dns_acl_t *nestedacl;
int node_num;
};
@ -91,9 +89,9 @@ struct dns_aclenv {
dns_acl_t *localhost;
dns_acl_t *localnets;
bool match_mapped;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
dns_geoip_databases_t *geoip;
#endif
#endif /* HAVE_GEOIP2 */
};
#define DNS_ACL_MAGIC ISC_MAGIC('D','a','c','l')

19
lib/dns/include/dns/geoip.h
View file

@ -21,7 +21,7 @@
* GeoIP/GeoIP2 data types and function prototypes.
*/
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
/***
*** Imports
@ -87,7 +87,6 @@ typedef struct dns_geoip_elem {
} dns_geoip_elem_t;
struct dns_geoip_databases {
#ifdef HAVE_GEOIP2
void *country; /* GeoIP2-Country or GeoLite2-Country */
void *city; /* GeoIP2-CIty or GeoLite2-City */
void *domain; /* GeoIP2-Domain */
@ -95,20 +94,6 @@ struct dns_geoip_databases {
void *as; /* GeoIP2-ASN or GeoLite2-ASN */
#define DNS_GEOIP_DATABASE_INIT \
{ NULL, NULL, NULL, NULL, NULL }
#else /* HAVE_GEOIP */
void *country_v4; /* GeoIP DB 1 */
void *city_v4; /* GeoIP DB 2 or 6 */
void *region; /* GeoIP DB 3 or 7 */
void *isp; /* GeoIP DB 4 */
void *org; /* GeoIP DB 5 */
void *as; /* GeoIP DB 9 */
void *netspeed; /* GeoIP DB 10 */
void *domain; /* GeoIP DB 11 */
void *country_v6; /* GeoIP DB 12 */
void *city_v6; /* GeoIP DB 30 or 31 */
#define DNS_GEOIP_DATABASE_INIT \
{ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
#endif /* HAVE_GEOIP */
};
/***
@ -127,6 +112,6 @@ dns_geoip_shutdown(void);
ISC_LANG_ENDDECLS
#endif /* HAVE_GEOIP | HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
#endif /* DNS_GEOIP_H */

16
lib/dns/tests/acl_test.c
View file

@ -64,11 +64,11 @@ dns_acl_isinsecure_test(void **state) {
dns_acl_t *none = NULL;
dns_acl_t *notnone = NULL;
dns_acl_t *notany = NULL;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
dns_acl_t *geoip = NULL;
dns_acl_t *notgeoip = NULL;
dns_aclelement_t *de;
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
UNUSED(state);
@ -90,7 +90,7 @@ dns_acl_isinsecure_test(void **state) {
result = dns_acl_merge(notany, any, false);
assert_int_equal(result, ISC_R_SUCCESS);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
result = dns_acl_create(dt_mctx, 1, &geoip);
assert_int_equal(result, ISC_R_SUCCESS);
@ -111,26 +111,26 @@ dns_acl_isinsecure_test(void **state) {
result = dns_acl_merge(notgeoip, geoip, false);
assert_int_equal(result, ISC_R_SUCCESS);
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
assert_true(dns_acl_isinsecure(any)); /* any; */
assert_false(dns_acl_isinsecure(none)); /* none; */
assert_false(dns_acl_isinsecure(notany)); /* !any; */
assert_false(dns_acl_isinsecure(notnone)); /* !none; */
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
assert_true(dns_acl_isinsecure(geoip)); /* geoip; */
assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
dns_acl_detach(&any);
dns_acl_detach(&none);
dns_acl_detach(&notany);
dns_acl_detach(&notnone);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
dns_acl_detach(&geoip);
dns_acl_detach(&notgeoip);
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
}
int

290
lib/dns/tests/geoip_test.c
View file

@ -37,14 +37,11 @@
/* Use GeoIP2 databases from the 'geoip2' system test */
#define TEST_GEOIP_DATA "../../../bin/tests/system/geoip2/data"
#elif defined(HAVE_GEOIP)
#include <GeoIP.h>
/* Use GeoIP databases from the 'geoip' system test */
#define TEST_GEOIP_DATA "../../../bin/tests/system/geoip/data"
#endif
static dns_geoip_databases_t geoip = DNS_GEOIP_DATABASE_INIT;
static MMDB_s geoip_country, geoip_city, geoip_as, geoip_isp, geoip_domain;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
static int
_setup(void **state) {
isc_result_t result;
@ -66,12 +63,6 @@ _teardown(void **state) {
return (0);
}
static dns_geoip_databases_t geoip = DNS_GEOIP_DATABASE_INIT;
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#if defined(HAVE_GEOIP2)
static MMDB_s geoip_country, geoip_city, geoip_as, geoip_isp, geoip_domain;
static MMDB_s *
open_geoip2(const char *dir, const char *dbfile, MMDB_s *mmdb) {
char pathbuf[PATH_MAX];
@ -95,105 +86,7 @@ load_geoip(const char *dir) {
geoip.isp = open_geoip2(dir, "GeoIP2-ISP.mmdb", &geoip_isp);
geoip.domain = open_geoip2(dir, "GeoIP2-Domain.mmdb", &geoip_domain);
}
#elif defined(HAVE_GEOIP)
/*
* Helper functions (mostly copied from bin/named/geoip.c)
*/
static void
init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
GeoIPOptions method, const char *name)
{
GeoIP *db;
REQUIRE(dbp != NULL);
db = (GeoIP *)*dbp;
if (db != NULL) {
GeoIP_delete(db);
db = *dbp = NULL;
}
if (! GeoIP_db_avail(edition)) {
goto fail;
}
db = GeoIP_open_type(edition, method);
if (db == NULL) {
goto fail;
}
*dbp = db;
return;
fail:
if (fallback != 0) {
init_geoip_db(dbp, fallback, 0, method, name);
}
}
static void
load_geoip(const char *dir) {
GeoIPOptions method;
#ifdef _WIN32
method = GEOIP_STANDARD;
#else
method = GEOIP_MMAP_CACHE;
#endif
if (dir != NULL) {
char *p;
DE_CONST(dir, p);
GeoIP_setup_custom_directory(p);
}
init_geoip_db(&geoip.country_v4, GEOIP_COUNTRY_EDITION, 0,
method, "Country (IPv4)");
#ifdef HAVE_GEOIP_V6
init_geoip_db(&geoip.country_v6, GEOIP_COUNTRY_EDITION_V6, 0,
method, "Country (IPv6)");
#endif
init_geoip_db(&geoip.city_v4, GEOIP_CITY_EDITION_REV1,
GEOIP_CITY_EDITION_REV0, method, "City (IPv4)");
#if defined(HAVE_GEOIP_V6) && defined(HAVE_GEOIP_CITY_V6)
init_geoip_db(&geoip.city_v6, GEOIP_CITY_EDITION_REV1_V6,
GEOIP_CITY_EDITION_REV0_V6, method, "City (IPv6)");
#endif
init_geoip_db(&geoip.region, GEOIP_REGION_EDITION_REV1,
GEOIP_REGION_EDITION_REV0, method, "Region");
init_geoip_db(&geoip.isp, GEOIP_ISP_EDITION, 0,
method, "ISP");
init_geoip_db(&geoip.org, GEOIP_ORG_EDITION, 0,
method, "Org");
init_geoip_db(&geoip.as, GEOIP_ASNUM_EDITION, 0,
method, "AS");
init_geoip_db(&geoip.domain, GEOIP_DOMAIN_EDITION, 0,
method, "Domain");
init_geoip_db(&geoip.netspeed, GEOIP_NETSPEED_EDITION, 0,
method, "NetSpeed");
}
static bool
do_lookup_int(const char *addr, dns_geoip_subtype_t subtype, int id) {
dns_geoip_elem_t elt;
struct in_addr in4;
isc_netaddr_t na;
inet_pton(AF_INET, addr, &in4);
isc_netaddr_fromin(&na, &in4);
elt.subtype = subtype;
elt.as_int = id;
return (dns_geoip_match(&na, &geoip, &elt));
}
#endif /* HAVE_GEOIP */
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
static bool
do_lookup_string(const char *addr, dns_geoip_subtype_t subtype,
const char *string)
@ -238,15 +131,9 @@ country(void **state) {
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
#ifdef HAVE_GEOIP2
if (geoip.country == NULL) {
skip();
}
#else /* HAVE_GEOIP */
if (geoip.country_v4 == NULL) {
skip();
}
#endif /* HAVE_GEOIP */
match = do_lookup_string("10.53.0.1", dns_geoip_country_code, "AU");
assert_true(match);
@ -273,15 +160,9 @@ country_v6(void **state) {
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
#ifdef HAVE_GEOIP2
if (geoip.country == NULL) {
skip();
}
#else /* HAVE_GEOIP */
if (geoip.country_v6 == NULL) {
skip();
}
#endif /* HAVE_GEOIP */
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
dns_geoip_country_code, "AU");
@ -302,15 +183,9 @@ city(void **state) {
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
#ifdef HAVE_GEOIP2
if (geoip.city == NULL) {
skip();
}
#else /* HAVE_GEOIP */
if (geoip.city_v4 == NULL) {
skip();
}
#endif /* HAVE_GEOIP */
match = do_lookup_string("10.53.0.1",
dns_geoip_city_continentcode, "NA");
@ -339,14 +214,6 @@ city(void **state) {
match = do_lookup_string("10.53.0.1",
dns_geoip_city_postalcode, "94063");
assert_true(match);
#ifdef HAVE_GEOIP
match = do_lookup_int("10.53.0.1", dns_geoip_city_areacode, 650);
assert_true(match);
match = do_lookup_int("10.53.0.1", dns_geoip_city_metrocode, 807);
assert_true(match);
#endif
}
/* GeoIP city (ipv6) matching */
@ -359,15 +226,9 @@ city_v6(void **state) {
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
#ifdef HAVE_GEOIP2
if (geoip.city == NULL) {
skip();
}
#else /* HAVE_GEOIP */
if (geoip.city_v6 == NULL) {
skip();
}
#endif /* HAVE_GEOIP */
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
dns_geoip_city_continentcode, "NA");
@ -447,15 +308,9 @@ org(void **state) {
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
#ifdef HAVE_GEOIP2
if (geoip.as == NULL) {
skip();
}
#else /* HAVE_GEOIP */
if (geoip.org == NULL) {
skip();
}
#endif /* HAVE_GEOIP */
match = do_lookup_string("10.53.0.2", dns_geoip_org_name,
"Two Technology Ltd.");
@ -480,141 +335,11 @@ domain(void **state) {
dns_geoip_domain_name, "five.es");
assert_true(match);
}
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#ifdef HAVE_GEOIP
/* GeoIP region matching */
static void
region(void **state) {
bool match;
UNUSED(state);
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
if (geoip.region == NULL) {
skip();
}
match = do_lookup_string("10.53.0.1",
dns_geoip_region_code, "CA");
assert_true(match);
match = do_lookup_string("10.53.0.1",
dns_geoip_region_name, "California");
assert_true(match);
match = do_lookup_string("10.53.0.1",
dns_geoip_region_countrycode, "US");
assert_true(match);
}
/* GeoIP netspeed matching */
static void
netspeed(void **state) {
bool match;
UNUSED(state);
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
if (geoip.netspeed == NULL) {
skip();
}
match = do_lookup_int("10.53.0.1", dns_geoip_netspeed_id, 0);
assert_true(match);
match = do_lookup_int("10.53.0.2", dns_geoip_netspeed_id, 1);
assert_true(match);
match = do_lookup_int("10.53.0.3", dns_geoip_netspeed_id, 2);
assert_true(match);
match = do_lookup_int("10.53.0.4", dns_geoip_netspeed_id, 3);
assert_true(match);
}
/*
* GeoIP best-database matching
* (With no specified databse and a city database available, answers
* should come from city database. With city database unavailable, region
* database. Region database unavailable, country database.)
*/
static void
best(void **state) {
bool match;
UNUSED(state);
/* Use databases from the geoip system test */
load_geoip(TEST_GEOIP_DATA);
if (geoip.region == NULL) {
skip();
}
match = do_lookup_string("10.53.0.4",
dns_geoip_countrycode, "US");
assert_true(match);
match = do_lookup_string("10.53.0.4",
dns_geoip_countrycode3, "USA");
assert_true(match);
match = do_lookup_string("10.53.0.4",
dns_geoip_countryname, "United States");
assert_true(match);
match = do_lookup_string("10.53.0.4",
dns_geoip_regionname, "Virginia");
assert_true(match);
match = do_lookup_string("10.53.0.4",
dns_geoip_region, "VA");
assert_true(match);
GeoIP_delete(geoip.city_v4);
geoip.city_v4 = NULL;
match = do_lookup_string("10.53.0.4",
dns_geoip_countrycode, "AU");
assert_true(match);
/*
* Note, region doesn't support code3 or countryname, so
* the next two would be answered from the country database instead
*/
match = do_lookup_string("10.53.0.4",
dns_geoip_countrycode3, "CAN");
assert_true(match);
match = do_lookup_string("10.53.0.4",
dns_geoip_countryname, "Canada");
assert_true(match);
GeoIP_delete(geoip.region);
geoip.region = NULL;
match = do_lookup_string("10.53.0.4",
dns_geoip_countrycode, "CA");
assert_true(match);
match = do_lookup_string("10.53.0.4",
dns_geoip_countrycode3, "CAN");
assert_true(match);
match = do_lookup_string("10.53.0.4",
dns_geoip_countryname, "Canada");
assert_true(match);
}
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP2 */
int
main(void) {
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
const struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(country, _setup, _teardown),
cmocka_unit_test_setup_teardown(country_v6, _setup, _teardown),
@ -624,11 +349,6 @@ main(void) {
cmocka_unit_test_setup_teardown(isp, _setup, _teardown),
cmocka_unit_test_setup_teardown(org, _setup, _teardown),
cmocka_unit_test_setup_teardown(domain, _setup, _teardown),
#ifdef HAVE_GEOIP
cmocka_unit_test_setup_teardown(region, _setup, _teardown),
cmocka_unit_test_setup_teardown(netspeed, _setup, _teardown),
cmocka_unit_test_setup_teardown(best, _setup, _teardown),
#endif /* HAVE_GEOIP */
};
return (cmocka_run_group_tests(tests, NULL, NULL));

369
lib/isccfg/aclconf.c
View file

@ -37,19 +37,7 @@ static const char *geoip_dbnames[] = {
"domain",
NULL,
};
#elif defined(HAVE_GEOIP)
static const char *geoip_dbnames[] = {
"country",
"city",
"region",
"asnum",
"isp",
"domain",
"netspeed",
"org",
NULL,
};
#endif /* HAVE_GEOIP */
#endif
isc_result_t
cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret) {
@ -68,7 +56,7 @@ cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret) {
isc_mem_attach(mctx, &actx->mctx);
ISC_LIST_INIT(actx->named_acl_cache);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
actx->geoip = NULL;
#endif
@ -266,12 +254,12 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
n += sub;
if (negative)
n++;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
n++;
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
} else if (cfg_obj_isstring(ce)) {
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0 ||
@ -640,350 +628,7 @@ parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
return (ISC_R_SUCCESS);
}
#elif defined(HAVE_GEOIP)
static dns_geoip_subtype_t
get_subtype(const cfg_obj_t *obj, isc_log_t *lctx,
dns_geoip_subtype_t subtype, const char *dbname)
{
if (dbname == NULL)
return (subtype);
switch (subtype) {
case dns_geoip_countrycode:
if (strcasecmp(dbname, "city") == 0)
return (dns_geoip_city_countrycode);
else if (strcasecmp(dbname, "region") == 0)
return (dns_geoip_region_countrycode);
else if (strcasecmp(dbname, "country") == 0)
return (dns_geoip_country_code);
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_countrycode3:
if (strcasecmp(dbname, "city") == 0)
return (dns_geoip_city_countrycode3);
else if (strcasecmp(dbname, "country") == 0)
return (dns_geoip_country_code3);
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_countryname:
if (strcasecmp(dbname, "city") == 0)
return (dns_geoip_city_countryname);
else if (strcasecmp(dbname, "country") == 0)
return (dns_geoip_country_name);
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_region:
if (strcasecmp(dbname, "city") == 0)
return (dns_geoip_city_region);
else if (strcasecmp(dbname, "region") == 0)
return (dns_geoip_region_code);
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"region search: ignored");
return (subtype);
case dns_geoip_regionname:
if (strcasecmp(dbname, "city") == 0)
return (dns_geoip_city_region);
else if (strcasecmp(dbname, "region") == 0)
return (dns_geoip_region_name);
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"region search: ignored");
return (subtype);
/*
* Log a warning if the wrong database was specified
* on an unambiguous query
*/
case dns_geoip_city_name:
case dns_geoip_city_postalcode:
case dns_geoip_city_metrocode:
case dns_geoip_city_areacode:
case dns_geoip_city_continentcode:
case dns_geoip_city_timezonecode:
if (strcasecmp(dbname, "city") != 0)
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'city'-only search type: ignoring");
return (subtype);
case dns_geoip_isp_name:
if (strcasecmp(dbname, "isp") != 0)
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'isp' search: ignoring");
return (subtype);
case dns_geoip_org_name:
if (strcasecmp(dbname, "org") != 0)
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'org' search: ignoring");
return (subtype);
case dns_geoip_as_asnum:
if (strcasecmp(dbname, "asnum") != 0)
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'asnum' search: ignoring");
return (subtype);
case dns_geoip_domain_name:
if (strcasecmp(dbname, "domain") != 0)
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'domain' search: ignoring");
return (subtype);
case dns_geoip_netspeed_id:
if (strcasecmp(dbname, "netspeed") != 0)
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'netspeed' search: ignoring");
return (subtype);
default:
INSIST(0);
ISC_UNREACHABLE();
}
}
static bool
geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) {
if (ctx->geoip == NULL)
return (true);
switch (elt->geoip_elem.subtype) {
case dns_geoip_countrycode:
case dns_geoip_countrycode3:
case dns_geoip_countryname:
if (ctx->geoip->city_v4 != NULL ||
ctx->geoip->city_v6 != NULL ||
ctx->geoip->country_v4 != NULL ||
ctx->geoip->country_v6 != NULL ||
ctx->geoip->region != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_region:
case dns_geoip_regionname:
if (ctx->geoip->city_v4 != NULL ||
ctx->geoip->city_v6 != NULL ||
ctx->geoip->region != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_country_code:
case dns_geoip_country_code3:
case dns_geoip_country_name:
if (ctx->geoip->country_v4 != NULL ||
ctx->geoip->country_v6 != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_region_countrycode:
case dns_geoip_region_code:
case dns_geoip_region_name:
if (ctx->geoip->region != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_city_countrycode:
case dns_geoip_city_countrycode3:
case dns_geoip_city_countryname:
case dns_geoip_city_region:
case dns_geoip_city_regionname:
case dns_geoip_city_name:
case dns_geoip_city_postalcode:
case dns_geoip_city_metrocode:
case dns_geoip_city_areacode:
case dns_geoip_city_continentcode:
case dns_geoip_city_timezonecode:
if (ctx->geoip->city_v4 != NULL ||
ctx->geoip->city_v6 != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_isp_name:
if (ctx->geoip->isp != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_org_name:
if (ctx->geoip->org != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_as_asnum:
if (ctx->geoip->as != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_domain_name:
if (ctx->geoip->domain != NULL)
return (true);
/* FALLTHROUGH */
case dns_geoip_netspeed_id:
if (ctx->geoip->netspeed != NULL)
return (true);
/* FALLTHROUGH */
/*
* The following enums are only valid with GeoIP2,
* not legacy GeoIP.
*/
case dns_geoip_continentcode:
case dns_geoip_continent:
case dns_geoip_country_continentcode:
case dns_geoip_country_continent:
case dns_geoip_city_continent:
INSIST(0);
}
return (false);
}
static isc_result_t
parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
cfg_aclconfctx_t *ctx, dns_aclelement_t *dep)
{
const cfg_obj_t *ge;
const char *dbname = NULL;
const char *stype = NULL, *search = NULL;
dns_geoip_subtype_t subtype;
dns_aclelement_t de;
size_t len;
REQUIRE(dep != NULL);
de = *dep;
ge = cfg_tuple_get(obj, "db");
if (!cfg_obj_isvoid(ge)) {
int i;
dbname = cfg_obj_asstring(ge);
for (i = 0; geoip_dbnames[i] != NULL; i++) {
if (strcasecmp(dbname, geoip_dbnames[i]) == 0) {
break;
}
}
if (geoip_dbnames[i] == NULL) {
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"database '%s' is not defined for GeoIP",
dbname);
return (ISC_R_UNEXPECTED);
}
}
stype = cfg_obj_asstring(cfg_tuple_get(obj, "subtype"));
search = cfg_obj_asstring(cfg_tuple_get(obj, "search"));
len = strlen(search);
if (len == 0) {
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"zero-length geoip search field");
return (ISC_R_FAILURE);
}
if (strcasecmp(stype, "country") == 0 && len == 2) {
/* Two-letter country code */
subtype = dns_geoip_countrycode;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "country") == 0 && len == 3) {
/* Three-letter country code */
subtype = dns_geoip_countrycode3;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "country") == 0) {
/* Country name */
subtype = dns_geoip_countryname;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "region") == 0 && len == 2) {
/* Two-letter region code */
subtype = dns_geoip_region;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "region") == 0) {
/* Region name */
subtype = dns_geoip_regionname;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "city") == 0) {
/* City name */
subtype = dns_geoip_city_name;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "postal") == 0 ||
strcasecmp(stype, "postalcode") == 0)
{
if (len < 7) {
subtype = dns_geoip_city_postalcode;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else {
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"geoiop postal code (%s) too long",
search);
return (ISC_R_FAILURE);
}
} else if (strcasecmp(stype, "metro") == 0 ||
strcasecmp(stype, "metrocode") == 0)
{
subtype = dns_geoip_city_metrocode;
de.geoip_elem.as_int = atoi(search);
} else if (strcasecmp(stype, "area") == 0 ||
strcasecmp(stype, "areacode") == 0)
{
subtype = dns_geoip_city_areacode;
de.geoip_elem.as_int = atoi(search);
} else if (strcasecmp(stype, "tz") == 0 ||
strcasecmp(stype, "timezone") == 0)
{
subtype = dns_geoip_city_timezonecode;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "continent") == 0 && len == 2) {
/* Two-letter continent code */
subtype = dns_geoip_city_continentcode;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "continent") == 0) {
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"geoiop continent code (%s) too long", search);
return (ISC_R_FAILURE);
} else if (strcasecmp(stype, "isp") == 0) {
subtype = dns_geoip_isp_name;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "asnum") == 0) {
subtype = dns_geoip_as_asnum;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "org") == 0) {
subtype = dns_geoip_org_name;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "domain") == 0) {
subtype = dns_geoip_domain_name;
strlcpy(de.geoip_elem.as_string, search,
sizeof(de.geoip_elem.as_string));
} else if (strcasecmp(stype, "netspeed") == 0) {
subtype = dns_geoip_netspeed_id;
de.geoip_elem.as_int = atoi(search);
} else {
INSIST(0);
ISC_UNREACHABLE();
}
de.geoip_elem.subtype = get_subtype(obj, lctx, subtype, dbname);
if (! geoip_can_answer(&de, ctx)) {
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"no GeoIP database installed which can answer "
"queries of type '%s'", stype);
return (ISC_R_FAILURE);
}
*dep = de;
return (ISC_R_SUCCESS);
}
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP2 */
isc_result_t
cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx,
@ -1178,7 +823,7 @@ nested_acl:
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
@ -1189,7 +834,7 @@ nested_acl:
}
de->type = dns_aclelementtype_geoip;
de->negative = neg;
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
} else if (cfg_obj_isstring(ce)) {
/* ACL name. */
const char *name = cfg_obj_asstring(ce);

2
lib/isccfg/include/isccfg/aclconf.h
View file

@ -25,7 +25,7 @@
typedef struct cfg_aclconfctx {
ISC_LIST(dns_acl_t) named_acl_cache;
isc_mem_t *mctx;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
dns_geoip_databases_t *geoip;
#endif
isc_refcount_t references;

4
lib/isccfg/namedconf.c
View file

@ -1075,12 +1075,12 @@ options_clauses[] = {
{ "fstrm-set-reopen-interval", &cfg_type_ttlval,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_DNSTAP */
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
{ "geoip-directory", &cfg_type_qstringornone, 0 },
#else
{ "geoip-directory", &cfg_type_qstringornone,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP2 */
{ "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "heartbeat-interval", &cfg_type_uint32, 0 },

10
lib/isccfg/parser.c
View file

@ -100,7 +100,7 @@ static void
parser_complain(cfg_parser_t *pctx, bool is_warning,
unsigned int flags, const char *format, va_list args);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
static isc_result_t
parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
@ -109,7 +109,7 @@ print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj);
static void
doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type);
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
/*
* Data representations. These correspond to members of the
@ -1324,7 +1324,7 @@ LIBISCCFG_EXTERNAL_DATA cfg_type_t cfg_type_bracketed_text = {
&cfg_rep_string, NULL
};
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
/*
* "geoip" ACL element:
* geoip [ db <database> ] search-type <string>
@ -1409,7 +1409,7 @@ doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) {
cfg_print_cstr(pctx, " ");
cfg_doc_obj(pctx, &cfg_type_astring);
}
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#endif /* HAVE_GEOIP2 */
static cfg_type_t cfg_type_addrmatchelt;
static cfg_type_t cfg_type_negated;
@ -1430,7 +1430,7 @@ parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type,
CHECK(cfg_parse_obj(pctx, &cfg_type_keyref, ret));
} else if (pctx->token.type == isc_tokentype_string &&
(strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) {
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
CHECK(cfg_gettoken(pctx, 0));
CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret));
#else

2
lib/ns/interfacemgr.c
View file

@ -230,7 +230,7 @@ ns_interfacemgr_create(isc_mem_t *mctx,
result = dns_aclenv_init(mctx, &mgr->aclenv);
if (result != ISC_R_SUCCESS)
goto cleanup_listenon;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#if defined(HAVE_GEOIP2)
mgr->aclenv.geoip = geoip;
#else
UNUSED(geoip);

28
util/copyrights
View file

@ -659,33 +659,6 @@
./bin/tests/system/forward/setup.sh SH 2018,2019
./bin/tests/system/forward/tests.sh SH 2000,2001,2004,2007,2011,2012,2013,2014,2016,2018,2019
./bin/tests/system/genzone.sh SH 2001,2002,2003,2004,2007,2009,2011,2012,2013,2014,2015,2016,2017,2018,2019
./bin/tests/system/geoip/clean.sh SH 2013,2014,2016,2018,2019
./bin/tests/system/geoip/data/GeoIP.csv X 2013,2014,2018,2019
./bin/tests/system/geoip/data/GeoIP.dat X 2013,2014,2018,2019
./bin/tests/system/geoip/data/GeoIPASNum.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPASNum.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPASNumv6.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPASNumv6.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPCity.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPCity.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPCityv6.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPCityv6.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPDomain.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPDomain.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPISP.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPISP.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPNetSpeed.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPNetSpeed.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPOrg.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPOrg.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPRegion.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPRegion.dat X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPv6.csv X 2013,2018,2019
./bin/tests/system/geoip/data/GeoIPv6.dat X 2013,2018,2019
./bin/tests/system/geoip/data/README TXT.BRIEF 2013,2014,2016,2018,2019
./bin/tests/system/geoip/prereq.sh SH 2013,2014,2016,2018,2019
./bin/tests/system/geoip/setup.sh SH 2013,2014,2016,2018,2019
./bin/tests/system/geoip/tests.sh SH 2013,2014,2015,2016,2018,2019
./bin/tests/system/geoip2/clean.sh SH 2019
./bin/tests/system/geoip2/data/GeoIP2-City.json X 2019
./bin/tests/system/geoip2/data/GeoIP2-City.mmdb X 2019
@ -1664,7 +1637,6 @@
./lib/dns/gen-unix.h C 1999,2000,2001,2004,2005,2007,2009,2016,2018,2019
./lib/dns/gen-win32.h C 1999,2000,2001,2004,2005,2006,2007,2009,2014,2016,2018,2019
./lib/dns/gen.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2012,2013,2014,2015,2016,2017,2018,2019
./lib/dns/geoip.c C 2013,2014,2015,2016,2018,2019
./lib/dns/geoip2.c C 2019
./lib/dns/gssapi_link.c C 2000,2001,2002,2004,2005,2006,2007,2008,2009,2011,2012,2013,2014,2015,2016,2018,2019
./lib/dns/gssapictx.c C 2000,2001,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019