]>
Commit | Line | Data |
---|---|---|
c259b5d4 ER |
1 | --- version.orig 2012-09-26 17:35:19.000000000 -0700 |
2 | +++ version 2012-10-09 17:38:10.000000000 -0700 | |
3 | @@ -7,4 +7,4 @@ | |
4 | MINORVER=9 | |
5 | PATCHVER=2 | |
6 | RELEASETYPE= | |
7 | -RELEASEVER= | |
8 | +RELEASEVER=-geoip-1.3 | |
9 | --- bin/named/geoip.c.orig 2012-10-09 17:38:10.000000000 -0700 | |
10 | +++ bin/named/geoip.c 2012-10-09 17:38:10.000000000 -0700 | |
11 | @@ -0,0 +1,254 @@ | |
12 | +#ifdef HAVE_GEOIP | |
13 | + | |
14 | +#include <named/log.h> | |
15 | +#include <isc/geoip.h> | |
16 | + | |
17 | +void | |
18 | +geoip_init() | |
19 | +{ | |
20 | +#ifdef _WIN32 | |
21 | + GeoIPOptions geoip_method = GEOIP_STANDARD ; | |
22 | +#else | |
23 | + GeoIPOptions geoip_method = GEOIP_MMAP_CACHE ; | |
24 | +#endif | |
25 | + char *geoip_db_info ; | |
26 | + | |
27 | + /* COUNTRY DB */ | |
28 | + | |
29 | + if ( ns_g_geoip_countryDB ) | |
30 | + GeoIP_delete( ns_g_geoip_countryDB ); | |
31 | + | |
32 | + if ( GeoIP_db_avail( GEOIP_COUNTRY_EDITION ) ) { | |
33 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
34 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
35 | + "Initializing GeoIP Country DB"); | |
36 | + if ( !( ns_g_geoip_countryDB = GeoIP_open_type( GEOIP_COUNTRY_EDITION, geoip_method ) ) ) | |
37 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
38 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
39 | + "Failed to initialize GeoIP Country DB! " | |
40 | + "geoip_countryDB_ matches will silently fail."); | |
41 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_countryDB) )) | |
42 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
43 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
44 | + geoip_db_info); | |
45 | + } else | |
46 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
47 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
48 | + "GeoIP Country DB not available"); | |
49 | + | |
50 | + /* CITY DB */ | |
51 | + | |
52 | + if ( ns_g_geoip_cityDB ) | |
53 | + GeoIP_delete( ns_g_geoip_cityDB ); | |
54 | + | |
55 | + if ( GeoIP_db_avail( GEOIP_CITY_EDITION_REV1 ) ) { | |
56 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
57 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
58 | + "Initializing GeoIP City DB Revision 1"); | |
59 | + if ( !( ns_g_geoip_cityDB = GeoIP_open_type( GEOIP_CITY_EDITION_REV1, geoip_method ) ) ) | |
60 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
61 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
62 | + "Failed to initialize GeoIP City DB Revision 1! " | |
63 | + "geoip_cityDB_ matches will silently fail."); | |
64 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_cityDB) )) | |
65 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
66 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
67 | + geoip_db_info); | |
68 | + } else if ( GeoIP_db_avail( GEOIP_CITY_EDITION_REV0 ) ) { | |
69 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
70 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
71 | + "Initializing GeoIP City DB Revision 0"); | |
72 | + if ( !( ns_g_geoip_cityDB = GeoIP_open_type( GEOIP_CITY_EDITION_REV0, geoip_method ) ) ) | |
73 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
74 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
75 | + "Failed to initialize GeoIP City DB Revision 0! " | |
76 | + "geoip_cityDB_ matches will silently fail."); | |
77 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_cityDB) )) | |
78 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
79 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
80 | + geoip_db_info); | |
81 | + } else | |
82 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
83 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
84 | + "GeoIP City DB Revision 0 or 1 not available"); | |
85 | + | |
86 | + /* REGION DB */ | |
87 | + | |
88 | + if ( ns_g_geoip_regionDB ) | |
89 | + GeoIP_delete( ns_g_geoip_regionDB ); | |
90 | + | |
91 | + if ( GeoIP_db_avail( GEOIP_REGION_EDITION_REV1 ) ) { | |
92 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
93 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
94 | + "Initializing GeoIP Region DB Revision 1"); | |
95 | + if ( !( ns_g_geoip_regionDB = GeoIP_open_type( GEOIP_REGION_EDITION_REV1, geoip_method ) ) ) | |
96 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
97 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
98 | + "Failed to initialize GeoIP Region DB Revision 1! " | |
99 | + "geoip_regionDB_ matches will silently fail."); | |
100 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_regionDB) )) | |
101 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
102 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
103 | + geoip_db_info); | |
104 | + } else if ( GeoIP_db_avail( GEOIP_REGION_EDITION_REV0 ) ) { | |
105 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
106 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
107 | + "Initializing GeoIP Region DB Revision 0"); | |
108 | + if ( !( ns_g_geoip_regionDB = GeoIP_open_type( GEOIP_REGION_EDITION_REV0, geoip_method ) ) ) | |
109 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
110 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
111 | + "Failed to initialize GeoIP Region DB Revision 0! " | |
112 | + "geoip_regionDB_ matches will silently fail."); | |
113 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_regionDB) )) | |
114 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
115 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
116 | + geoip_db_info); | |
117 | + } else | |
118 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
119 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
120 | + "GeoIP Region DB Revision 0 or 1 not available"); | |
121 | + | |
122 | + /* ISP DB */ | |
123 | + | |
124 | + if ( ns_g_geoip_ispDB ) | |
125 | + GeoIP_delete( ns_g_geoip_ispDB ); | |
126 | + | |
127 | + if ( GeoIP_db_avail( GEOIP_ISP_EDITION ) ) { | |
128 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
129 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
130 | + "Initializing GeoIP ISP DB"); | |
131 | + if ( !( ns_g_geoip_ispDB = GeoIP_open_type( GEOIP_ISP_EDITION, geoip_method ) ) ) | |
132 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
133 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
134 | + "Failed to initialize GeoIP ISP DB! " | |
135 | + "geoip_ispDB_ matches will silently fail."); | |
136 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_ispDB) )) | |
137 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
138 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
139 | + geoip_db_info); | |
140 | + } else | |
141 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
142 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
143 | + "GeoIP ISP DB not available"); | |
144 | + | |
145 | + /* ORGANIZATION DB */ | |
146 | + | |
147 | + if ( ns_g_geoip_orgDB ) | |
148 | + GeoIP_delete( ns_g_geoip_orgDB ); | |
149 | + | |
150 | + if ( GeoIP_db_avail( GEOIP_ORG_EDITION ) ) { | |
151 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
152 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
153 | + "Initializing GeoIP Organization DB"); | |
154 | + if ( !( ns_g_geoip_orgDB = GeoIP_open_type( GEOIP_ORG_EDITION, geoip_method ) ) ) | |
155 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
156 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
157 | + "Failed to initialize GeoIP Organization DB! " | |
158 | + "geoip_orgDB_ matches will silently fail."); | |
159 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_orgDB) )) | |
160 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
161 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
162 | + geoip_db_info); | |
163 | + } else | |
164 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
165 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
166 | + "GeoIP Organization DB not available"); | |
167 | + | |
168 | + /* AS DB */ | |
169 | + | |
170 | + if ( ns_g_geoip_asDB ) | |
171 | + GeoIP_delete( ns_g_geoip_asDB ); | |
172 | + | |
173 | + if ( GeoIP_db_avail( GEOIP_ASNUM_EDITION ) ) { | |
174 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
175 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
176 | + "Initializing GeoIP AS DB"); | |
177 | + if ( !( ns_g_geoip_asDB = GeoIP_open_type( GEOIP_ASNUM_EDITION, geoip_method ) ) ) | |
178 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
179 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
180 | + "Failed to initialize GeoIP AS DB! " | |
181 | + "geoip_asDB_ matches will silently fail."); | |
182 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_asDB) )) | |
183 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
184 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
185 | + geoip_db_info); | |
186 | + } else | |
187 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
188 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
189 | + "GeoIP AS DB not available"); | |
190 | + | |
191 | + /* NETSPEED DB */ | |
192 | + | |
193 | + if ( ns_g_geoip_netspeedDB ) | |
194 | + GeoIP_delete( ns_g_geoip_netspeedDB ); | |
195 | + | |
196 | + if ( GeoIP_db_avail( GEOIP_NETSPEED_EDITION ) ) { | |
197 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
198 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
199 | + "Initializing GeoIP NetSpeed DB"); | |
200 | + if ( !( ns_g_geoip_netspeedDB = GeoIP_open_type( GEOIP_NETSPEED_EDITION, geoip_method ) ) ) | |
201 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
202 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
203 | + "Failed to initialize GeoIP NetSpeed DB! " | |
204 | + "geoip_netspeedDB_ matches will silently fail."); | |
205 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_netspeedDB) )) | |
206 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
207 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
208 | + geoip_db_info); | |
209 | + } else | |
210 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
211 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
212 | + "GeoIP NetSpeed DB not available"); | |
213 | + | |
214 | + /* DOMAIN DB */ | |
215 | + | |
216 | + if ( ns_g_geoip_domainDB ) | |
217 | + GeoIP_delete( ns_g_geoip_domainDB ); | |
218 | + | |
219 | + if ( GeoIP_db_avail( GEOIP_DOMAIN_EDITION ) ) { | |
220 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
221 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
222 | + "Initializing GeoIP Domain DB"); | |
223 | + if ( !( ns_g_geoip_domainDB = GeoIP_open_type( GEOIP_DOMAIN_EDITION, geoip_method ) ) ) | |
224 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
225 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
226 | + "Failed to initialize GeoIP Domain DB! " | |
227 | + "geoip_domainDB_ matches will silently fail."); | |
228 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_domainDB) )) | |
229 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
230 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
231 | + geoip_db_info); | |
232 | + } else | |
233 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
234 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
235 | + "GeoIP Domain DB not available"); | |
236 | + | |
237 | +#ifdef HAVE_GEOIP_V6 | |
238 | + | |
239 | + /* COUNTRY DB IPv6 */ | |
240 | + | |
241 | + if ( ns_g_geoip_countryDB_v6 ) | |
242 | + GeoIP_delete( ns_g_geoip_countryDB_v6 ); | |
243 | + | |
244 | + if ( GeoIP_db_avail( GEOIP_COUNTRY_EDITION_V6 ) ) { | |
245 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
246 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
247 | + "Initializing GeoIP Country DB IPv6"); | |
248 | + if ( !( ns_g_geoip_countryDB_v6 = GeoIP_open_type( GEOIP_COUNTRY_EDITION_V6, geoip_method ) ) ) | |
249 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
250 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
251 | + "Failed to initialize GeoIP Country DB IPv6! " | |
252 | + "geoip_countryDB_ matches will silently fail on IPv6 addresses."); | |
253 | + if (( geoip_db_info = GeoIP_database_info(ns_g_geoip_countryDB_v6) )) | |
254 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
255 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
256 | + geoip_db_info); | |
257 | + } else | |
258 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
259 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
260 | + "GeoIP Country DB IPv6 not available"); | |
261 | + | |
262 | +#endif /* HAVE_GEOIP_V6 */ | |
263 | +} /* geoip_init() */ | |
264 | + | |
265 | +#endif /* HAVE_GEOIP */ | |
266 | --- bin/named/Makefile.in.orig 2012-09-26 17:35:19.000000000 -0700 | |
267 | +++ bin/named/Makefile.in 2012-10-09 17:38:10.000000000 -0700 | |
268 | @@ -87,6 +87,7 @@ | |
269 | zoneconf.@O@ \ | |
270 | lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ | |
271 | lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \ | |
272 | + geoip.@O@ \ | |
273 | ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS} | |
274 | ||
275 | UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ | |
276 | @@ -101,6 +102,7 @@ | |
277 | zoneconf.c \ | |
278 | lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ | |
279 | lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \ | |
280 | + geoip.c \ | |
281 | ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS} | |
282 | ||
283 | MANPAGES = named.8 lwresd.8 named.conf.5 | |
50390d1a ER |
284 | --- bin/named/server.c 2013-09-05 08:09:08.000000000 +0300 |
285 | +++ bin/named/server.c 2013-10-25 15:34:56.010749111 +0300 | |
c259b5d4 ER |
286 | @@ -52,6 +52,9 @@ |
287 | #include <isc/timer.h> | |
288 | #include <isc/util.h> | |
289 | #include <isc/xml.h> | |
290 | +#ifdef HAVE_GEOIP | |
291 | +#include <isc/geoip.h> | |
292 | +#endif /* HAVE_GEOIP */ | |
293 | ||
294 | #include <isccfg/namedconf.h> | |
295 | ||
50390d1a ER |
296 | @@ -4859,6 +4862,21 @@ |
297 | return (n); | |
c259b5d4 ER |
298 | } |
299 | ||
300 | +#ifdef HAVE_GEOIP | |
301 | +static isc_result_t | |
302 | +load_geoip(ns_server_t *server) { | |
303 | + isc_result_t result; | |
304 | + | |
305 | + result = isc_task_beginexclusive(server->task); | |
306 | + RUNTIME_CHECK(result == ISC_R_SUCCESS); | |
307 | + | |
308 | + geoip_init(); | |
309 | + | |
310 | + isc_task_endexclusive(server->task); | |
311 | + return (result); | |
312 | +} | |
313 | +#endif /* HAVE_GEOIP */ | |
314 | + | |
315 | static isc_result_t | |
50390d1a ER |
316 | load_configuration(const char *filename, ns_server_t *server, |
317 | isc_boolean_t first_time) | |
318 | @@ -5983,6 +6001,11 @@ | |
c259b5d4 ER |
319 | isc_hash_init(); |
320 | ||
50390d1a | 321 | CHECKFATAL(load_zones(server, ISC_TRUE), "loading zones"); |
c259b5d4 ER |
322 | + |
323 | +#ifdef HAVE_GEOIP | |
324 | + /* Load GeoIP DBs */ | |
325 | + CHECKFATAL(load_geoip(server), "loading GeoIP"); | |
326 | +#endif /* HAVE_GEOIP */ | |
327 | } | |
328 | ||
329 | void | |
50390d1a | 330 | @@ -6430,6 +6453,20 @@ |
c259b5d4 ER |
331 | "reloading zones failed: %s", |
332 | isc_result_totext(result)); | |
333 | ||
334 | +#ifdef HAVE_GEOIP | |
335 | + /* Reload GeoIP DBs */ | |
336 | + result = load_geoip(server); | |
337 | + if (result == ISC_R_SUCCESS) | |
338 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
339 | + NS_LOGMODULE_SERVER, ISC_LOG_INFO, | |
340 | + "reloading GeoIP succeeded"); | |
341 | + else | |
342 | + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, | |
343 | + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, | |
344 | + "reloading GeoIP failed: %s", | |
345 | + isc_result_totext(result)); | |
346 | +#endif /* HAVE_GEOIP */ | |
347 | + | |
348 | cleanup: | |
349 | return (result); | |
350 | } | |
351 | --- configure.orig 2012-09-26 17:35:19.000000000 -0700 | |
352 | +++ configure 2012-10-09 17:38:10.000000000 -0700 | |
353 | @@ -533,6 +533,10 @@ | |
354 | ## M4sh Initialization. ## | |
355 | ## -------------------- ## | |
356 | ||
357 | +touch configure.in | |
358 | +echo "ERROR: Please run autoconf to enable GeoIP support" | |
359 | +exit 1 | |
360 | + | |
361 | # Be more Bourne compatible | |
362 | DUALCASE=1; export DUALCASE # for MKS sh | |
363 | if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : | |
364 | --- configure.in.orig 2012-09-26 17:35:19.000000000 -0700 | |
365 | +++ configure.in 2012-10-09 17:38:10.000000000 -0700 | |
366 | @@ -938,6 +938,78 @@ | |
367 | esac | |
368 | AC_SUBST(PKCS11_PROVIDER) | |
369 | ||
370 | +AC_ARG_WITH(geoip, | |
371 | +[ --with-geoip=PATH Specify path for GeoIP support], | |
372 | + use_geoip="$withval", use_geoip="no") | |
373 | + | |
374 | +case "$use_geoip" in | |
375 | + no) | |
376 | + AC_MSG_CHECKING([for GeoIP support]) | |
377 | + AC_MSG_RESULT([disabled]) | |
378 | + ;; | |
379 | + *) | |
380 | + if test "$use_geoip" != "yes" | |
381 | + then | |
382 | + if test -d "$use_geoip" -o -L "$use_geoip" | |
383 | + then | |
384 | + CFLAGS="$CFLAGS -I$use_geoip/include" | |
385 | + CPPFLAGS="$CPPFLAGS -I$use_geoip/include" | |
386 | + LIBS="$LIBS -L$use_geoip/lib -Wl,-rpath=$use_geoip/lib" | |
387 | + else | |
388 | + AC_MSG_ERROR([GeoIP path $use_geoip does not exist]) | |
389 | + fi | |
390 | + fi | |
391 | + AC_CHECK_HEADER(GeoIP.h, [], | |
392 | + [AC_MSG_ERROR([GeoIP header file not found])] | |
393 | + ) | |
394 | + AC_SEARCH_LIBS(GeoIP_open, GeoIP, [], | |
395 | + [AC_MSG_ERROR([GeoIP library not found])] | |
396 | + ) | |
397 | + AC_SEARCH_LIBS(fabsf, m, [], | |
398 | + [AC_MSG_ERROR([Math library not found])] | |
399 | + ) | |
400 | + CFLAGS="${CFLAGS} -DHAVE_GEOIP" | |
401 | + AC_MSG_CHECKING([for GeoIP support]) | |
402 | + AC_MSG_RESULT([yes]) | |
403 | + | |
404 | + AC_MSG_CHECKING([for GeoIP IPv6 support]) | |
405 | + AC_COMPILE_IFELSE( | |
406 | + AC_LANG_PROGRAM([[ | |
407 | + #include <GeoIP.h> | |
408 | + #include <netinet/in.h> | |
409 | + ]], [[ | |
410 | + struct in6_addr in6; | |
411 | + | |
412 | + GeoIP_country_name_by_ipnum_v6(NULL, in6); | |
413 | + ]]), | |
414 | + [ | |
415 | + AC_MSG_RESULT([yes]) | |
416 | + CFLAGS="${CFLAGS} -DHAVE_GEOIP_V6" | |
417 | + CPPFLAGS="${CPPFLAGS} -DHAVE_GEOIP_V6" | |
418 | + ], | |
419 | + [AC_MSG_RESULT([no])] | |
420 | + ) | |
421 | + ;; | |
422 | +esac | |
423 | + | |
424 | +AC_MSG_CHECKING(for GeoIP debugging) | |
425 | +AC_ARG_WITH(geoip-debug, | |
426 | +[ --with-geoip-debug Enable GeoIP debugging messages], | |
427 | + use_geoip_debug="$withval", use_geoip_debug="no") | |
428 | + | |
429 | +case "$use_geoip_debug" in | |
430 | + no) | |
431 | + AC_MSG_RESULT([disabled]) | |
432 | + ;; | |
433 | + yes) | |
434 | + AC_MSG_RESULT([yes]) | |
435 | + CFLAGS="${CFLAGS} -DDEBUG_GEOIP" | |
436 | + ;; | |
437 | + *) | |
438 | + AC_MSG_ERROR([--with-geoip-debug requires yes or no]) | |
439 | + ;; | |
440 | +esac | |
441 | + | |
442 | AC_MSG_CHECKING(for GSSAPI library) | |
443 | AC_ARG_WITH(gssapi, | |
444 | [ --with-gssapi=PATH Specify path for system-supplied GSSAPI [[default=yes]]], | |
445 | --- lib/isccfg/aclconf.c.orig 2012-09-26 17:35:19.000000000 -0700 | |
446 | +++ lib/isccfg/aclconf.c 2012-10-09 17:38:10.000000000 -0700 | |
447 | @@ -31,6 +31,11 @@ | |
448 | #include <dns/fixedname.h> | |
449 | #include <dns/log.h> | |
450 | ||
451 | +#ifdef HAVE_GEOIP | |
452 | +#include <stdlib.h> | |
453 | +#include <math.h> | |
454 | +#endif /* HAVE_GEOIP */ | |
455 | + | |
456 | #define LOOP_MAGIC ISC_MAGIC('L','O','O','P') | |
457 | ||
458 | isc_result_t | |
459 | @@ -249,6 +254,12 @@ | |
460 | if (strcasecmp(name, "localhost") == 0 || | |
461 | strcasecmp(name, "localnets") == 0) { | |
462 | n++; | |
463 | +#ifdef HAVE_GEOIP | |
464 | + /* country_ for backwards compatibility with geodns */ | |
465 | + } else if (strncasecmp(name, "country_", 8) == 0 || | |
466 | + strncasecmp(name, "geoip_", 6) == 0) { | |
467 | + n++; | |
468 | +#endif /* HAVE_GEOIP */ | |
469 | } else if (strcasecmp(name, "any") != 0 && | |
470 | strcasecmp(name, "none") != 0) { | |
471 | result = get_acl_def(cctx, name, &cacl); | |
472 | @@ -441,6 +452,336 @@ | |
473 | de->negative = !neg; | |
474 | } else | |
475 | continue; | |
476 | +#ifdef HAVE_GEOIP | |
477 | + } else if (strncasecmp(name, "country_", 8) == 0) { | |
478 | + if (strlen(name+8) == 2) { | |
479 | + de->geoip_countryDB.subtype = geoip_countryDB_country_code ; | |
480 | + strncpy( de->geoip_countryDB.country_code, name+8, 2 ); | |
481 | + } else { | |
482 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
483 | + "unrecognized GeoIP Country DB ACL: %s", name ); | |
484 | + result = ISC_R_FAILURE; | |
485 | + goto cleanup; | |
486 | + } | |
487 | + de->type = dns_aclelementtype_geoip_countryDB; | |
488 | + de->negative = neg; | |
489 | + } /* country_XX (backwards compatibility) */ | |
490 | + else if (strncasecmp(name, "geoip_countryDB_", 16) == 0) { | |
491 | + const char *noff = name+16 ; | |
492 | + | |
493 | + if ((strncasecmp(noff, "country_", 8) == 0) && (strlen(noff+8) == 2)) { | |
494 | + de->geoip_countryDB.subtype = geoip_countryDB_country_code ; | |
495 | + strncpy( de->geoip_countryDB.country_code, noff+8, 2 ); | |
496 | + } else if ((strncasecmp(noff, "country3_", 9) == 0) && (strlen(noff+9) == 3)) { | |
497 | + de->geoip_countryDB.subtype = geoip_countryDB_country_code3 ; | |
498 | + strncpy( de->geoip_countryDB.country_code3, noff+9, 3 ); | |
499 | + } else if (strncasecmp(noff, "country_name_", 13) == 0) { | |
500 | + unsigned int c ; | |
501 | + | |
502 | + de->geoip_countryDB.subtype = geoip_countryDB_country_name ; | |
503 | + strncpy( de->geoip_countryDB.country_name, noff+13, 255 ); | |
504 | + de->geoip_countryDB.country_name[255] = '\0' ; | |
505 | + for ( c=0 ; c < strlen(de->geoip_countryDB.country_name) ; c++ ) | |
506 | + if ( de->geoip_countryDB.country_name[c] == '_' ) | |
507 | + de->geoip_countryDB.country_name[c] = ' '; | |
508 | + else if ( de->geoip_countryDB.country_name[c] == '|' ) | |
509 | + de->geoip_countryDB.country_name[c] = '/'; | |
510 | + } else { | |
511 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
512 | + "unrecognized GeoIP Country DB ACL: %s", name ); | |
513 | + result = ISC_R_FAILURE; | |
514 | + goto cleanup; | |
515 | + } | |
516 | + de->type = dns_aclelementtype_geoip_countryDB; | |
517 | + de->negative = neg; | |
518 | + } /* geoip_countryDB_ */ | |
519 | + else if (strncasecmp(name, "geoip_cityDB_", 13) == 0) { | |
520 | + const char *noff = name+13 ; | |
521 | + int match ; | |
522 | + float flowt[4] ; | |
523 | + char radius_type[2+1] ; | |
524 | + | |
525 | + if ((strncasecmp(noff, "country_", 8) == 0) && (strlen(noff+8) == 2)) { | |
526 | + de->geoip_cityDB.subtype = geoip_cityDB_country_code ; | |
527 | + strncpy( de->geoip_cityDB.country_code, noff+8, 2 ); | |
528 | + } else if ((strncasecmp(noff, "country3_", 9) == 0) && (strlen(noff+9) == 3)) { | |
529 | + de->geoip_cityDB.subtype = geoip_cityDB_country_code3 ; | |
530 | + strncpy( de->geoip_cityDB.country_code3, noff+9, 3 ); | |
531 | + } else if ((strncasecmp(noff, "region_", 7) == 0) && (strlen(noff+7) == 2)) { | |
532 | + de->geoip_cityDB.subtype = geoip_cityDB_region ; | |
533 | + strncpy( de->geoip_cityDB.region, noff+7, 2 ); | |
534 | + } else if (strncasecmp(noff, "regionname_", 11) == 0) { | |
535 | + unsigned int c ; | |
536 | + | |
537 | + de->geoip_cityDB.subtype = geoip_cityDB_region_name ; | |
538 | + strncpy( de->geoip_cityDB.region_name, noff+11, 255 ); | |
539 | + de->geoip_cityDB.region_name[255] = '\0' ; | |
540 | + for ( c=0 ; c < strlen(de->geoip_cityDB.region_name) ; c++ ) | |
541 | + if ( de->geoip_cityDB.region_name[c] == '_' ) | |
542 | + de->geoip_cityDB.region_name[c] = ' '; | |
543 | + else if ( de->geoip_cityDB.region_name[c] == '|' ) | |
544 | + de->geoip_cityDB.region_name[c] = '/'; | |
545 | + } else if (strncasecmp(noff, "city_", 5) == 0) { | |
546 | + unsigned int c ; | |
547 | + | |
548 | + de->geoip_cityDB.subtype = geoip_cityDB_city ; | |
549 | + strncpy( de->geoip_cityDB.city, noff+5, 255 ); | |
550 | + de->geoip_cityDB.city[255] = '\0' ; | |
551 | + for ( c=0 ; c < strlen(de->geoip_cityDB.city) ; c++ ) | |
552 | + if ( de->geoip_cityDB.city[c] == '_' ) | |
553 | + de->geoip_cityDB.city[c] = ' '; | |
554 | + else if ( de->geoip_cityDB.city[c] == '|' ) | |
555 | + de->geoip_cityDB.city[c] = '/'; | |
556 | + } else if ((strncasecmp(noff, "postal_", 7) == 0) && (strlen(noff+7) <= 6)) { | |
557 | + de->geoip_cityDB.subtype = geoip_cityDB_postal_code ; | |
558 | + strncpy( de->geoip_cityDB.postal_code, noff+7, 6 ); | |
559 | + de->geoip_cityDB.postal_code[6] = '\0' ; | |
560 | + } else if (( match = sscanf(noff, "lat_%f_lat_%f_lon_%f_lon_%f", &flowt[0], &flowt[1], &flowt[2], &flowt[3]) ) == 4 ) { | |
561 | + if ( fabsf(flowt[0]) >= 90 || fabsf(flowt[1]) >= 90 | |
562 | + || fabsf(flowt[2]) >= 180 || fabsf(flowt[3]) >= 180 ) { | |
563 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
564 | + "GeoIP ACL includes invalid lat,lat,lon,lon: %f,%f,%f,%f", flowt[0], flowt[1], flowt[2], flowt[3] ); | |
565 | + result = ISC_R_FAILURE; | |
566 | + goto cleanup; | |
567 | + } | |
568 | + | |
569 | + if ( flowt[0] == flowt[1] || flowt[2] == flowt[3] ) { | |
570 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
571 | + "GeoIP ACL includes invariant lat vs. lat or lon vs. lon: %f,%f %f,%f", flowt[0], flowt[1], flowt[2], flowt[3] ); | |
572 | + result = ISC_R_FAILURE; | |
573 | + goto cleanup; | |
574 | + } | |
575 | + | |
576 | + de->geoip_cityDB.subtype = geoip_cityDB_range ; | |
577 | + de->geoip_cityDB.lat[0] = flowt[0] ; | |
578 | + de->geoip_cityDB.lat[1] = flowt[1] ; | |
579 | + de->geoip_cityDB.lon[0] = flowt[2] ; | |
580 | + de->geoip_cityDB.lon[1] = flowt[3] ; | |
581 | + } else if (( match = sscanf(noff, "lat_%f_lat_%f", &flowt[0], &flowt[1]) ) == 2 ) { | |
582 | + if ( flowt[0] == flowt[1] ) { | |
583 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
584 | + "GeoIP ACL includes invariant lat vs. lat: %f,%f", flowt[0], flowt[1] ); | |
585 | + result = ISC_R_FAILURE; | |
586 | + goto cleanup; | |
587 | + } | |
588 | + | |
589 | + de->geoip_cityDB.subtype = geoip_cityDB_range ; | |
590 | + de->geoip_cityDB.lat[0] = flowt[0] ; | |
591 | + de->geoip_cityDB.lat[1] = flowt[1] ; | |
592 | + de->geoip_cityDB.lon[0] = 0.0 ; | |
593 | + de->geoip_cityDB.lon[1] = 0.0 ; | |
594 | + } else if (( match = sscanf(noff, "lon_%f_lon_%f", &flowt[0], &flowt[1]) ) == 2 ) { | |
595 | + if ( flowt[0] == flowt[1] ) { | |
596 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
597 | + "GeoIP ACL includes invariant lon vs. lon: %f,%f", flowt[0], flowt[1] ); | |
598 | + result = ISC_R_FAILURE; | |
599 | + goto cleanup; | |
600 | + } | |
601 | + | |
602 | + de->geoip_cityDB.subtype = geoip_cityDB_range ; | |
603 | + de->geoip_cityDB.lon[0] = flowt[0] ; | |
604 | + de->geoip_cityDB.lon[1] = flowt[1] ; | |
605 | + de->geoip_cityDB.lat[0] = 0.0 ; | |
606 | + de->geoip_cityDB.lat[1] = 0.0 ; | |
607 | + } else if (( match = sscanf(noff, "lat_%f_lon_%f_radius_%f%2s", &flowt[0], &flowt[1], &flowt[2], radius_type) ) == 4 ) { | |
608 | + float de2ra = acos(-1)/180 ; | |
609 | + float factor = fabsf( cos( flowt[0] * de2ra ) ); | |
610 | + | |
611 | + if ( fabsf(flowt[0]) >= 90 || fabsf(flowt[1]) >= 180 ) { | |
612 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
613 | + "GeoIP ACL includes invalid lat,lon: %f,%f", flowt[0], flowt[1] ); | |
614 | + result = ISC_R_FAILURE; | |
615 | + goto cleanup; | |
616 | + } | |
617 | + | |
618 | + if ( flowt[2] <= 0 ) { | |
619 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
620 | + "GeoIP ACL includes invalid radius value: %f", flowt[2] ); | |
621 | + result = ISC_R_FAILURE; | |
622 | + goto cleanup; | |
623 | + } | |
624 | + | |
625 | + if ( strncasecmp( radius_type, "mi", 2 ) == 0 ) { | |
626 | + static float earth_radius_mi = 3958.761 ; | |
627 | + float mi_de = earth_radius_mi * de2ra ; | |
628 | + | |
629 | + de->geoip_cityDB.radius[0] = ( flowt[2] / mi_de ); | |
630 | + de->geoip_cityDB.radius[1] = ( flowt[2] / mi_de ) * factor ; | |
631 | + } | |
632 | + else if ( strncasecmp( radius_type, "km", 2 ) == 0 ) { | |
633 | + static float earth_radius_km = 6371.009 ; | |
634 | + float km_de = earth_radius_km * de2ra ; | |
635 | + | |
636 | + de->geoip_cityDB.radius[0] = ( flowt[2] / km_de ); | |
637 | + de->geoip_cityDB.radius[1] = ( flowt[2] / km_de ) * factor ; | |
638 | + } | |
639 | + else if ( strncasecmp( radius_type, "de", 2 ) == 0 ) { | |
640 | + de->geoip_cityDB.radius[0] = flowt[2] ; | |
641 | + de->geoip_cityDB.radius[1] = flowt[2] ; | |
642 | + } | |
643 | + else { | |
644 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
645 | + "unrecognized GeoIP ACL (need mi, km, or de): %s", name ); | |
646 | + result = ISC_R_FAILURE; | |
647 | + goto cleanup; | |
648 | + } | |
649 | + de->geoip_cityDB.subtype = geoip_cityDB_radius ; | |
650 | + de->geoip_cityDB.lat[0] = flowt[0] ; | |
651 | + de->geoip_cityDB.lon[0] = flowt[1] ; | |
652 | + de->geoip_cityDB.lat[1] = 0.0 ; | |
653 | + de->geoip_cityDB.lon[1] = 0.0 ; | |
654 | + } else if (strncasecmp(noff, "metro_", 6) == 0) { | |
655 | + de->geoip_cityDB.subtype = geoip_cityDB_metro_code ; | |
656 | + de->geoip_cityDB.metro_code = atoi( noff+6 ); | |
657 | + } else if (strncasecmp(noff, "area_", 5) == 0) { | |
658 | + de->geoip_cityDB.subtype = geoip_cityDB_area_code ; | |
659 | + de->geoip_cityDB.area_code = atoi( noff+5 ); | |
660 | + } else if ((strncasecmp(noff, "continent_", 10) == 0) && (strlen(noff+10) == 2)) { | |
661 | + de->geoip_cityDB.subtype = geoip_cityDB_continent_code ; | |
662 | + strncpy( de->geoip_cityDB.continent_code, noff+10, 2 ); | |
663 | + } else if (strncasecmp(noff, "timezone_", 9) == 0) { | |
664 | + unsigned int c ; | |
665 | + | |
666 | + de->geoip_cityDB.subtype = geoip_cityDB_timezone_code ; | |
667 | + strncpy( de->geoip_cityDB.timezone_code, noff+9, 255 ); | |
668 | + de->geoip_cityDB.timezone_code[255] = '\0'; | |
669 | + for ( c=0 ; c < strlen(de->geoip_cityDB.timezone_code) ; c++ ) | |
670 | + if ( de->geoip_cityDB.timezone_code[c] == '_' ) | |
671 | + de->geoip_cityDB.timezone_code[c] = ' '; | |
672 | + else if ( de->geoip_cityDB.timezone_code[c] == '|' ) | |
673 | + de->geoip_cityDB.timezone_code[c] = '/'; | |
674 | + } else { | |
675 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
676 | + "unrecognized GeoIP City DB ACL: %s", name ); | |
677 | + result = ISC_R_FAILURE; | |
678 | + goto cleanup; | |
679 | + } | |
680 | + de->type = dns_aclelementtype_geoip_cityDB; | |
681 | + de->negative = neg; | |
682 | + } /* geoip_cityDB_ */ | |
683 | + else if (strncasecmp(name, "geoip_regionDB_", 15) == 0) { | |
684 | + const char *noff = name+15 ; | |
685 | + | |
686 | + if ((strncasecmp(noff, "country_", 8) == 0) && (strlen(noff+8) == 2)) { | |
687 | + de->geoip_regionDB.subtype = geoip_regionDB_country_code ; | |
688 | + strncpy( de->geoip_regionDB.country_code, noff+8, 2 ); | |
689 | + } else if ((strncasecmp(noff, "region_", 7) == 0) && (strlen(noff+7) == 2)) { | |
690 | + de->geoip_regionDB.subtype = geoip_regionDB_region ; | |
691 | + strncpy( de->geoip_regionDB.region, noff+7, 2 ); | |
692 | + } else { | |
693 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
694 | + "unrecognized GeoIP Region DB ACL: %s", name ); | |
695 | + result = ISC_R_FAILURE; | |
696 | + goto cleanup; | |
697 | + } | |
698 | + de->type = dns_aclelementtype_geoip_regionDB; | |
699 | + de->negative = neg; | |
700 | + } /* geoip_regionDB_ */ | |
701 | + else if (strncasecmp(name, "geoip_ispDB_", 12) == 0) { | |
702 | + const char *noff = name+12 ; | |
703 | + | |
704 | + if (strncasecmp(noff, "name_", 5) == 0) { | |
705 | + unsigned int c ; | |
706 | + | |
707 | + de->geoip_ispDB.subtype = geoip_ispDB_name ; | |
708 | + strncpy( de->geoip_ispDB.name, noff+5, 50 ); | |
709 | + de->geoip_ispDB.name[50] = '\0'; | |
710 | + for ( c=0 ; c < strlen(de->geoip_ispDB.name) ; c++ ) | |
711 | + if ( de->geoip_ispDB.name[c] == '_' ) | |
712 | + de->geoip_ispDB.name[c] = ' '; | |
713 | + } else { | |
714 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
715 | + "unrecognized GeoIP ISP DB ACL: %s", name ); | |
716 | + result = ISC_R_FAILURE; | |
717 | + goto cleanup; | |
718 | + } | |
719 | + de->type = dns_aclelementtype_geoip_ispDB; | |
720 | + de->negative = neg; | |
721 | + } /* geoip_ispDB_ */ | |
722 | + else if (strncasecmp(name, "geoip_orgDB_", 12) == 0) { | |
723 | + const char *noff = name+12 ; | |
724 | + | |
725 | + if (strncasecmp(noff, "name_", 5) == 0) { | |
726 | + unsigned int c ; | |
727 | + | |
728 | + de->geoip_orgDB.subtype = geoip_orgDB_name ; | |
729 | + strncpy( de->geoip_orgDB.name, noff+5, 50 ); | |
730 | + de->geoip_orgDB.name[50] = '\0'; | |
731 | + for ( c=0 ; c < strlen(de->geoip_orgDB.name) ; c++ ) | |
732 | + if ( de->geoip_orgDB.name[c] == '_' ) | |
733 | + de->geoip_orgDB.name[c] = ' '; | |
734 | + else if ( de->geoip_orgDB.name[c] == '|' ) | |
735 | + de->geoip_orgDB.name[c] = '/'; | |
736 | + } else { | |
737 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
738 | + "unrecognized GeoIP Organization DB ACL: %s", name ); | |
739 | + result = ISC_R_FAILURE; | |
740 | + goto cleanup; | |
741 | + } | |
742 | + de->type = dns_aclelementtype_geoip_orgDB; | |
743 | + de->negative = neg; | |
744 | + } /* geoip_orgDB_ */ | |
745 | + else if (strncasecmp(name, "geoip_asDB_", 11) == 0) { | |
746 | + const char *noff = name+11 ; | |
747 | + | |
748 | + if (strncasecmp(noff, "org_", 4) == 0) { | |
749 | + unsigned int c ; | |
750 | + | |
751 | + de->geoip_asDB.subtype = geoip_asDB_org ; | |
752 | + strncpy( de->geoip_asDB.org, noff+4, 50 ); | |
753 | + de->geoip_asDB.org[50] = '\0'; | |
754 | + for ( c=0 ; c < strlen(de->geoip_asDB.org) ; c++ ) | |
755 | + if ( de->geoip_asDB.org[c] == '_' ) | |
756 | + de->geoip_asDB.org[c] = ' '; | |
757 | + else if ( de->geoip_asDB.org[c] == '|' ) | |
758 | + de->geoip_asDB.org[c] = '/'; | |
759 | + } else { | |
760 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
761 | + "unrecognized GeoIP AS DB ACL: %s", name ); | |
762 | + result = ISC_R_FAILURE; | |
763 | + goto cleanup; | |
764 | + } | |
765 | + de->type = dns_aclelementtype_geoip_asDB; | |
766 | + de->negative = neg; | |
767 | + } /* geoip_asDB_ */ | |
768 | + else if (strncasecmp(name, "geoip_netspeedDB_", 17) == 0) { | |
769 | + const char *noff = name+17 ; | |
770 | + | |
771 | + if (strncasecmp(noff, "id_", 3) == 0) { | |
772 | + de->geoip_netspeedDB.subtype = geoip_netspeedDB_id ; | |
773 | + de->geoip_netspeedDB.id = atoi( noff+3 ); | |
774 | + } else { | |
775 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
776 | + "unrecognized GeoIP NetSpeed DB ACL: %s", name ); | |
777 | + result = ISC_R_FAILURE; | |
778 | + goto cleanup; | |
779 | + } | |
780 | + de->type = dns_aclelementtype_geoip_netspeedDB; | |
781 | + de->negative = neg; | |
782 | + } /* geoip_netspeedDB_ */ | |
783 | + else if (strncasecmp(name, "geoip_domainDB_", 15) == 0) { | |
784 | + const char *noff = name+15 ; | |
785 | + | |
786 | + if (strncasecmp(noff, "name_", 5) == 0) { | |
787 | + unsigned int c ; | |
788 | + | |
789 | + de->geoip_domainDB.subtype = geoip_domainDB_name ; | |
790 | + strncpy( de->geoip_domainDB.name, noff+5, 255 ); | |
791 | + de->geoip_domainDB.name[255] = '\0'; | |
792 | + for ( c=0 ; c < strlen(de->geoip_domainDB.name) ; c++ ) | |
793 | + if ( de->geoip_domainDB.name[c] == '_' ) | |
794 | + de->geoip_domainDB.name[c] = ' '; | |
795 | + else if ( de->geoip_domainDB.name[c] == '|' ) | |
796 | + de->geoip_domainDB.name[c] = '/'; | |
797 | + } else { | |
798 | + cfg_obj_log(ce, lctx, ISC_LOG_ERROR, | |
799 | + "unrecognized GeoIP Domain DB ACL: %s", name ); | |
800 | + result = ISC_R_FAILURE; | |
801 | + goto cleanup; | |
802 | + } | |
803 | + de->type = dns_aclelementtype_geoip_domainDB; | |
804 | + de->negative = neg; | |
805 | +#endif /* HAVE_GEOIP */ | |
806 | } else if (strcasecmp(name, "localhost") == 0) { | |
807 | de->type = dns_aclelementtype_localhost; | |
808 | de->negative = neg; | |
809 | --- lib/isc/include/isc/geoip.h.orig 2012-10-09 17:38:10.000000000 -0700 | |
810 | +++ lib/isc/include/isc/geoip.h 2012-10-09 17:38:10.000000000 -0700 | |
811 | @@ -0,0 +1,25 @@ | |
812 | +#ifdef HAVE_GEOIP | |
813 | +#ifndef _GEOIP_H | |
814 | +#define _GEOIP_H | |
815 | + | |
816 | +#include <GeoIP.h> | |
817 | +#include <GeoIPCity.h> | |
818 | + | |
819 | +void geoip_init( void ); | |
820 | + | |
821 | +extern GeoIP * ns_g_geoip_countryDB ; /* 1 */ | |
822 | +extern GeoIP * ns_g_geoip_cityDB ; /* 2&6 */ | |
823 | +extern GeoIP * ns_g_geoip_regionDB ; /* 3&7 */ | |
824 | +extern GeoIP * ns_g_geoip_ispDB ; /* 4 */ | |
825 | +extern GeoIP * ns_g_geoip_orgDB ; /* 5 */ | |
826 | +/* proxyDB doesn't apply in a DNS context * 8 */ | |
827 | +extern GeoIP * ns_g_geoip_asDB ; /* 9 */ | |
828 | +extern GeoIP * ns_g_geoip_netspeedDB ; /* 10 */ | |
829 | +extern GeoIP * ns_g_geoip_domainDB ; /* 11 */ | |
830 | +#ifdef HAVE_GEOIP_V6 | |
831 | +extern GeoIP * ns_g_geoip_countryDB_v6 ; /* 12 */ | |
832 | +#endif | |
833 | + | |
834 | +#endif /* !_GEOIP_H */ | |
835 | +#endif /* HAVE_GEOIP */ | |
836 | + | |
837 | --- lib/dns/acl.c.orig 2012-09-26 17:35:19.000000000 -0700 | |
838 | +++ lib/dns/acl.c 2012-10-09 17:38:10.000000000 -0700 | |
839 | @@ -29,6 +29,72 @@ | |
840 | #include <dns/acl.h> | |
841 | #include <dns/iptable.h> | |
842 | ||
843 | +#ifdef HAVE_GEOIP | |
844 | +#include <isc/thread.h> | |
845 | +#include <math.h> | |
846 | +#include <netinet/in.h> | |
847 | +#include <dns/log.h> | |
848 | +#include <GeoIP.h> | |
849 | +#include <GeoIPCity.h> | |
850 | +#include <isc/geoip.h> | |
851 | + | |
852 | +GeoIP * ns_g_geoip_countryDB = (GeoIP *)NULL ; | |
853 | +GeoIP * ns_g_geoip_cityDB = (GeoIP *)NULL ; | |
854 | +GeoIP * ns_g_geoip_regionDB = (GeoIP *)NULL ; | |
855 | +GeoIP * ns_g_geoip_ispDB = (GeoIP *)NULL ; | |
856 | +GeoIP * ns_g_geoip_orgDB = (GeoIP *)NULL ; | |
857 | +GeoIP * ns_g_geoip_asDB = (GeoIP *)NULL ; | |
858 | +GeoIP * ns_g_geoip_netspeedDB = (GeoIP *)NULL ; | |
859 | +GeoIP * ns_g_geoip_domainDB = (GeoIP *)NULL ; | |
860 | +#ifdef HAVE_GEOIP_V6 | |
861 | +GeoIP * ns_g_geoip_countryDB_v6 = (GeoIP *)NULL ; | |
862 | +#endif | |
863 | + | |
864 | +#ifdef ISC_PLATFORM_USETHREADS | |
865 | +/* CITY IPNUM v4 */ | |
866 | +static isc_once_t prev_cityDB_ipnum_once = ISC_ONCE_INIT; | |
867 | +static isc_thread_key_t prev_cityDB_ipnum ; | |
868 | +static void | |
869 | +initialize_prev_cityDB_ipnum( void ) { | |
870 | + RUNTIME_CHECK(isc_thread_key_create( &prev_cityDB_ipnum, (void *)NULL) == ISC_R_SUCCESS); | |
871 | +} | |
872 | +static uint32_t | |
873 | +get_prev_cityDB_ipnum() { | |
874 | + uint32_t *preval = (uint32_t *)isc_thread_key_getspecific( prev_cityDB_ipnum ); | |
875 | + if ( preval ) | |
876 | + return *preval ; | |
877 | + return 0 ; | |
878 | +} | |
879 | +static void | |
880 | +set_prev_cityDB_ipnum( const uint32_t in_ipnum ) { | |
881 | + uint32_t *preval = (uint32_t *)isc_thread_key_getspecific( prev_cityDB_ipnum ); | |
882 | + if ( preval ) | |
883 | + free(preval); | |
884 | + if (( preval = (uint32_t *)malloc( sizeof(uint32_t) ) )) | |
885 | + *preval = in_ipnum ; | |
886 | + isc_thread_key_setspecific( prev_cityDB_ipnum, preval ); | |
887 | +} | |
888 | +/* CITY RECORD */ | |
889 | +static isc_once_t prev_cityDB_record_once = ISC_ONCE_INIT; | |
890 | +static isc_thread_key_t prev_cityDB_record ; | |
891 | +static void | |
892 | +initialize_prev_cityDB_record( void ) { | |
893 | + RUNTIME_CHECK(isc_thread_key_create( &prev_cityDB_record, (void *)NULL) == ISC_R_SUCCESS); | |
894 | +} | |
895 | +static GeoIPRecord * | |
896 | +get_prev_cityDB_record() { | |
897 | + return (GeoIPRecord *)isc_thread_key_getspecific( prev_cityDB_record ); | |
898 | +} | |
899 | +static void | |
900 | +set_prev_cityDB_record( GeoIPRecord *in_record ) { | |
901 | + GeoIPRecord *preval = get_prev_cityDB_record(); | |
902 | + if ( preval ) | |
903 | + GeoIPRecord_delete( preval ); | |
904 | + isc_thread_key_setspecific(prev_cityDB_record, in_record); | |
905 | +} | |
906 | +#endif /* ISC_PLATFORM_USETHREADS */ | |
907 | +#endif /* HAVE_GEOIP */ | |
908 | + | |
909 | /* | |
910 | * Create a new ACL, including an IP table and an array with room | |
911 | * for 'n' ACL elements. The elements are uninitialized and the | |
912 | @@ -375,6 +441,43 @@ | |
913 | dns_acl_t *inner = NULL; | |
914 | int indirectmatch; | |
915 | isc_result_t result; | |
916 | +#ifdef HAVE_GEOIP | |
917 | + uint32_t ipnum = 0; | |
918 | +#ifdef HAVE_GEOIP_V6 | |
919 | + const geoipv6_t *ipnum6 = NULL; | |
920 | +#ifdef DEBUG_GEOIP | |
921 | + /* Use longest address type to size the buffer */ | |
922 | + char ipstr[INET6_ADDRSTRLEN+1] = ""; | |
923 | +#endif | |
924 | +#else /* HAVE_GEOIP_V6 */ | |
925 | +#ifdef DEBUG_GEOIP | |
926 | + char ipstr[INET_ADDRSTRLEN+1] = ""; | |
927 | +#endif | |
928 | +#endif /* HAVE_GEOIP_V6 */ | |
929 | + | |
930 | + switch ( reqaddr->family ) { | |
931 | + case AF_INET: | |
932 | + ipnum = ntohl(reqaddr->type.in.s_addr); | |
933 | +#ifdef DEBUG_GEOIP | |
934 | + inet_ntop(AF_INET, &reqaddr->type.in, ipstr, INET_ADDRSTRLEN); | |
935 | +#endif | |
936 | + break; | |
937 | +#ifdef HAVE_GEOIP_V6 | |
938 | + case AF_INET6: | |
939 | + ipnum6 = &reqaddr->type.in6; | |
940 | +#ifdef DEBUG_GEOIP | |
941 | + inet_ntop(AF_INET6, &reqaddr->type.in6, ipstr, INET6_ADDRSTRLEN); | |
942 | +#endif | |
943 | + break; | |
944 | +#endif | |
945 | + } | |
946 | + if ( !ipnum ) | |
947 | + return(ISC_FALSE); | |
948 | +#ifdef HAVE_GEOIP_V6 | |
949 | + if ( !ipnum && !ipnum6 ) | |
950 | + return(ISC_FALSE); | |
951 | +#endif | |
952 | +#endif /* HAVE_GEOIP */ | |
953 | ||
954 | switch (e->type) { | |
955 | case dns_aclelementtype_keyname: | |
956 | @@ -391,6 +494,477 @@ | |
957 | inner = e->nestedacl; | |
958 | break; | |
959 | ||
960 | +#ifdef HAVE_GEOIP | |
961 | + /* GeoIPRecord lookups are only performed if the previous lookup was | |
962 | + * with a different IP address than the current. | |
963 | + * | |
964 | + * This allows only a single GeoIPRecord lookup per query for an entire | |
965 | + * configuration pass, instead of a GeoIPRecord lookup for each and | |
966 | + * every instance of a geoip_* ACL. Because of this, CityDB /may/ scale | |
967 | + * more nicely than other DBs. | |
968 | + * | |
969 | + * The mechanism consists of simple statics (prev_ipnum, prev_record) | |
970 | + * for non-threaded operation, and an unspeakably painful TLS mechanism | |
971 | + * for threaded operation. | |
972 | + */ | |
973 | + case dns_aclelementtype_geoip_countryDB: { | |
974 | + short int georesult = 0 ; | |
975 | + const char *result = (const char *)NULL ; | |
976 | + | |
977 | + if ( ( ipnum && !ns_g_geoip_countryDB ) | |
978 | +#ifdef HAVE_GEOIP_V6 | |
979 | + || ( ipnum6 && !ns_g_geoip_countryDB_v6 ) | |
980 | +#endif | |
981 | + ) | |
982 | + return(ISC_FALSE); | |
983 | + | |
984 | + switch ( e->geoip_countryDB.subtype ) { | |
985 | + case geoip_countryDB_country_code: | |
986 | + if ( ipnum ) | |
987 | + result = GeoIP_country_code_by_ipnum( ns_g_geoip_countryDB, ipnum ); | |
988 | +#ifdef HAVE_GEOIP_V6 | |
989 | + else if ( ipnum6 ) | |
990 | + result = GeoIP_country_code_by_ipnum_v6( ns_g_geoip_countryDB_v6, *ipnum6 ); | |
991 | +#endif | |
992 | + if ( result ) | |
993 | + georesult = ( strncasecmp( e->geoip_countryDB.country_code, result, 2 ) == 0 ); | |
994 | +#ifdef DEBUG_GEOIP | |
995 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
996 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
997 | + "client %s: geoip_countryDB_country_code compared result \"%s\" to rule \"%s\", got %d neg %d", | |
998 | + ipstr, | |
999 | + result, e->geoip_countryDB.country_code, | |
1000 | + georesult, e->negative); | |
1001 | +#endif | |
1002 | + break; | |
1003 | + case geoip_countryDB_country_code3: | |
1004 | + if ( ipnum ) | |
1005 | + result = GeoIP_country_code3_by_ipnum( ns_g_geoip_countryDB, ipnum ); | |
1006 | +#ifdef HAVE_GEOIP_V6 | |
1007 | + else if ( ipnum6 ) | |
1008 | + result = GeoIP_country_code3_by_ipnum_v6( ns_g_geoip_countryDB_v6, *ipnum6 ); | |
1009 | +#endif | |
1010 | + if ( result ) | |
1011 | + georesult = ( strncasecmp( e->geoip_countryDB.country_code3, result, 3 ) == 0 ); | |
1012 | +#ifdef DEBUG_GEOIP | |
1013 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1014 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1015 | + "client %s: geoip_countryDB_country_code3 compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1016 | + ipstr, | |
1017 | + result, e->geoip_countryDB.country_code3, | |
1018 | + georesult, e->negative); | |
1019 | +#endif | |
1020 | + break; | |
1021 | + case geoip_countryDB_country_name: | |
1022 | + if ( ipnum ) | |
1023 | + result = GeoIP_country_name_by_ipnum( ns_g_geoip_countryDB, ipnum ); | |
1024 | +#ifdef HAVE_GEOIP_V6 | |
1025 | + else if ( ipnum6 ) | |
1026 | + result = GeoIP_country_name_by_ipnum_v6( ns_g_geoip_countryDB_v6, *ipnum6 ); | |
1027 | +#endif | |
1028 | + if ( result ) | |
1029 | + georesult = ( strcasecmp( e->geoip_countryDB.country_name, result ) == 0 ); | |
1030 | +#ifdef DEBUG_GEOIP | |
1031 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1032 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1033 | + "client %s: geoip_countryDB_country_name compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1034 | + ipstr, | |
1035 | + result, e->geoip_countryDB.country_name, | |
1036 | + georesult, e->negative); | |
1037 | +#endif | |
1038 | + break; | |
1039 | + default: | |
1040 | + break; | |
1041 | + } /* switch */ | |
1042 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1043 | + } /* case geoip_countryDB */ | |
1044 | + | |
1045 | + case dns_aclelementtype_geoip_cityDB: { | |
1046 | + short int georesult = 0 ; | |
1047 | + const char *scratch = (const char *)NULL; | |
1048 | + GeoIPRecord *record = (GeoIPRecord *)NULL ; | |
1049 | +#ifdef ISC_PLATFORM_USETHREADS | |
1050 | + uint32_t prev_cityDB_ipnum = get_prev_cityDB_ipnum(); | |
1051 | + | |
1052 | + GeoIPRecord *prev_cityDB_record = (GeoIPRecord *)NULL ; | |
1053 | + | |
1054 | + RUNTIME_CHECK( | |
1055 | + isc_once_do(&prev_cityDB_ipnum_once, initialize_prev_cityDB_ipnum) == ISC_R_SUCCESS | |
1056 | + ); | |
1057 | + RUNTIME_CHECK( | |
1058 | + isc_once_do(&prev_cityDB_record_once, initialize_prev_cityDB_record) == ISC_R_SUCCESS | |
1059 | + ); | |
1060 | + | |
1061 | + prev_cityDB_record = get_prev_cityDB_record(); | |
1062 | +#else | |
1063 | + static uint32_t prev_cityDB_ipnum = 0 ; | |
1064 | + static void *prev_cityDB_record ; | |
1065 | +#endif | |
1066 | + | |
1067 | + if ( !ipnum || !ns_g_geoip_cityDB ) | |
1068 | + return( ISC_FALSE ); | |
1069 | + | |
1070 | + if ( prev_cityDB_ipnum == ipnum ) | |
1071 | + record = prev_cityDB_record ; | |
1072 | + else { | |
1073 | + record = GeoIP_record_by_ipnum( ns_g_geoip_cityDB, ipnum ); | |
1074 | +#ifdef ISC_PLATFORM_USETHREADS | |
1075 | + set_prev_cityDB_record( record ); | |
1076 | + set_prev_cityDB_ipnum( ipnum ); | |
1077 | +#else | |
1078 | + prev_cityDB_record = record ; | |
1079 | + prev_cityDB_ipnum = ipnum ; | |
1080 | +#endif | |
1081 | + } | |
1082 | + | |
1083 | + if ( record ) { | |
1084 | + switch ( e->geoip_cityDB.subtype ) { | |
1085 | + case geoip_cityDB_country_code: | |
1086 | + if ( record->country_code ) | |
1087 | + georesult = ( strncasecmp( e->geoip_cityDB.country_code, record->country_code, 2 ) == 0 ); | |
1088 | +#ifdef DEBUG_GEOIP | |
1089 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1090 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1091 | + "client %s: geoip_cityDB_country_code compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1092 | + ipstr, | |
1093 | + record->country_code, e->geoip_cityDB.country_code, | |
1094 | + georesult, e->negative); | |
1095 | +#endif | |
1096 | + break; | |
1097 | + case geoip_cityDB_country_code3: | |
1098 | + if ( record->country_code3 ) | |
1099 | + georesult = ( strncasecmp( e->geoip_cityDB.country_code3, record->country_code3, 3 ) == 0 ); | |
1100 | +#ifdef DEBUG_GEOIP | |
1101 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1102 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1103 | + "client %s: geoip_cityDB_country_code3 compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1104 | + ipstr, | |
1105 | + record->country_code3, e->geoip_cityDB.country_code3, | |
1106 | + georesult, e->negative); | |
1107 | +#endif | |
1108 | + break; | |
1109 | + case geoip_cityDB_region: | |
1110 | + if ( record->region ) | |
1111 | + georesult = ( strncasecmp( e->geoip_cityDB.region, record->region, 2 ) == 0 ); | |
1112 | +#ifdef DEBUG_GEOIP | |
1113 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1114 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1115 | + "client %s: geoip_cityDB_region compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1116 | + ipstr, | |
1117 | + record->region, e->geoip_cityDB.region, | |
1118 | + georesult, e->negative); | |
1119 | +#endif | |
1120 | + break; | |
1121 | + case geoip_cityDB_region_name: | |
1122 | + if ( record->country_code && record->region | |
1123 | + && ( scratch = GeoIP_region_name_by_code(record->country_code,record->region) ) ) | |
1124 | + georesult = ( strcasecmp( e->geoip_cityDB.region_name, scratch ) == 0 ); | |
1125 | +#ifdef DEBUG_GEOIP | |
1126 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1127 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1128 | + "client %s: geoip_cityDB_regionname compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1129 | + ipstr, | |
1130 | + scratch, e->geoip_cityDB.region_name, | |
1131 | + georesult, e->negative); | |
1132 | +#endif | |
1133 | + break; | |
1134 | + case geoip_cityDB_city: | |
1135 | + if ( record->city ) | |
1136 | + georesult = ( strcasecmp( e->geoip_cityDB.city, record->city ) == 0 ); | |
1137 | +#ifdef DEBUG_GEOIP | |
1138 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1139 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1140 | + "client %s: geoip_cityDB_city compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1141 | + ipstr, | |
1142 | + record->city, e->geoip_cityDB.city, | |
1143 | + georesult, e->negative); | |
1144 | +#endif | |
1145 | + break; | |
1146 | + case geoip_cityDB_postal_code: | |
1147 | + if ( record->postal_code ) | |
1148 | + georesult = ( strcasecmp( e->geoip_cityDB.postal_code, record->postal_code ) == 0 ); | |
1149 | +#ifdef DEBUG_GEOIP | |
1150 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1151 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1152 | + "client %s: geoip_cityDB_postal compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1153 | + ipstr, | |
1154 | + record->postal_code, e->geoip_cityDB.postal_code, | |
1155 | + georesult, e->negative); | |
1156 | +#endif | |
1157 | + break; | |
1158 | + case geoip_cityDB_range: { | |
1159 | + short int lat = -1 ; | |
1160 | + short int lon = -1 ; | |
1161 | + if ( e->geoip_cityDB.lat[0] || e->geoip_cityDB.lat[1] ) | |
1162 | + lat = ( e->geoip_cityDB.lat[0] <= record->latitude && record->latitude <= e->geoip_cityDB.lat[1] ); | |
1163 | + if ( e->geoip_cityDB.lon[0] || e->geoip_cityDB.lon[1] ) | |
1164 | + lon = ( e->geoip_cityDB.lon[0] <= record->longitude && record->longitude <= e->geoip_cityDB.lon[1] ); | |
1165 | + georesult = ( lat && lon ); | |
1166 | +#ifdef DEBUG_GEOIP | |
1167 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1168 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1169 | + "client %s: geoip_cityDB_range compared result %f,%f to rule %f->%f,%f->%f; got %d neg %d", | |
1170 | + ipstr, | |
1171 | + record->latitude, record->longitude, | |
1172 | + e->geoip_cityDB.lat[0], e->geoip_cityDB.lat[1], | |
1173 | + e->geoip_cityDB.lon[0], e->geoip_cityDB.lon[1], | |
1174 | + georesult, e->negative); | |
1175 | +#endif | |
1176 | + break; | |
1177 | + } | |
1178 | + case geoip_cityDB_radius: | |
1179 | + georesult = (( pow((record->latitude-e->geoip_cityDB.lat[0])/e->geoip_cityDB.radius[0],2) + pow((record->longitude-e->geoip_cityDB.lon[0])/e->geoip_cityDB.radius[1],2) ) <= 1 ); | |
1180 | +#ifdef DEBUG_GEOIP | |
1181 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1182 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1183 | + "client %s: geoip_cityDB_radius compared result %f,%f to rule %f->%f %fx%f; got %d neg %d", | |
1184 | + ipstr, | |
1185 | + record->latitude, record->longitude, | |
1186 | + e->geoip_cityDB.lat[0], e->geoip_cityDB.lon[0], | |
1187 | + e->geoip_cityDB.radius[0], e->geoip_cityDB.radius[1], | |
1188 | + georesult, e->negative); | |
1189 | +#endif | |
1190 | + break; | |
1191 | + case geoip_cityDB_metro_code: | |
1192 | + georesult = ( e->geoip_cityDB.metro_code == record->metro_code ); | |
1193 | +#ifdef DEBUG_GEOIP | |
1194 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1195 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1196 | + "client %s: geoip_cityDB_metro compared result %d to rule %d, got %d neg %d", | |
1197 | + ipstr, | |
1198 | + record->metro_code, e->geoip_cityDB.metro_code, | |
1199 | + georesult, e->negative); | |
1200 | +#endif | |
1201 | + break; | |
1202 | + case geoip_cityDB_area_code: | |
1203 | + georesult = ( e->geoip_cityDB.area_code == record->area_code ); | |
1204 | +#ifdef DEBUG_GEOIP | |
1205 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1206 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1207 | + "client %s: geoip_cityDB_area compared result %d to rule %d, got %d neg %d", | |
1208 | + ipstr, | |
1209 | + record->area_code, e->geoip_cityDB.area_code, | |
1210 | + georesult, e->negative); | |
1211 | +#endif | |
1212 | + break; | |
1213 | + case geoip_cityDB_continent_code: | |
1214 | + if ( record->continent_code ) | |
1215 | + georesult = ( strncasecmp( e->geoip_cityDB.continent_code, record->continent_code, 2 ) == 0 ); | |
1216 | +#ifdef DEBUG_GEOIP | |
1217 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1218 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1219 | + "client %s: geoip_cityDB_continent compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1220 | + ipstr, | |
1221 | + record->continent_code, e->geoip_cityDB.continent_code, | |
1222 | + georesult, e->negative); | |
1223 | +#endif | |
1224 | + break; | |
1225 | + case geoip_cityDB_timezone_code: | |
1226 | + if ( record->country_code && record->region | |
1227 | + && ( scratch = GeoIP_time_zone_by_country_and_region( record->country_code, record->region ) ) ) | |
1228 | + georesult = ( strcasecmp( e->geoip_cityDB.timezone_code, scratch ) == 0 ); | |
1229 | +#ifdef DEBUG_GEOIP | |
1230 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1231 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1232 | + "client %s: geoip_cityDB_timezone compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1233 | + ipstr, | |
1234 | + scratch, e->geoip_cityDB.timezone_code, | |
1235 | + georesult, e->negative); | |
1236 | +#endif | |
1237 | + break; | |
1238 | + default: | |
1239 | + break; | |
1240 | + } /* switch */ | |
1241 | + } /* if record */ | |
1242 | +#ifdef DEBUG_GEOIP | |
1243 | + else | |
1244 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1245 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1246 | + "client %s: geoip_cityDB found no record", | |
1247 | + ipstr); | |
1248 | +#endif | |
1249 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1250 | + } /* case geoip_cityDB */ | |
1251 | + | |
1252 | + case dns_aclelementtype_geoip_regionDB: { | |
1253 | + short int georesult = 0 ; | |
1254 | + const GeoIPRegion *record = (const GeoIPRegion *)NULL ; | |
1255 | + | |
1256 | + if ( !ipnum || !ns_g_geoip_regionDB ) | |
1257 | + return(ISC_FALSE); | |
1258 | + | |
1259 | + if (( record = GeoIP_region_by_ipnum( ns_g_geoip_regionDB, ipnum) )) { | |
1260 | + switch ( e->geoip_regionDB.subtype ) { | |
1261 | + case geoip_regionDB_country_code: | |
1262 | + if ( record->country_code ) | |
1263 | + georesult = ( strncasecmp( e->geoip_regionDB.country_code, record->country_code, 3 ) == 0 ); | |
1264 | +#ifdef DEBUG_GEOIP | |
1265 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1266 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1267 | + "client %s: geoip_regionDB_name compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1268 | + ipstr, | |
1269 | + record->country_code, e->geoip_regionDB.country_code, | |
1270 | + georesult, e->negative); | |
1271 | +#endif | |
1272 | + break; | |
1273 | + case geoip_regionDB_region: | |
1274 | + if ( record->region && *record->region ) | |
1275 | + georesult = ( strncasecmp( e->geoip_regionDB.region, record->region, 3 ) == 0 ); | |
1276 | +#ifdef DEBUG_GEOIP | |
1277 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1278 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1279 | + "client %s: geoip_regionDB_name compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1280 | + ipstr, | |
1281 | + record->region, e->geoip_regionDB.region, | |
1282 | + georesult, e->negative); | |
1283 | +#endif | |
1284 | + break; | |
1285 | + default: | |
1286 | + break; | |
1287 | + } /* switch */ | |
1288 | + } /* if record */ | |
1289 | +#ifdef DEBUG_GEOIP | |
1290 | + else | |
1291 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1292 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1293 | + "client %s: geoip_regionDB found no record", | |
1294 | + ipstr); | |
1295 | +#endif | |
1296 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1297 | + } /* case geoip_regionDB */ | |
1298 | + | |
1299 | + case dns_aclelementtype_geoip_ispDB: { | |
1300 | + short int georesult = 0 ; | |
1301 | + const char *result = (const char *)NULL ; | |
1302 | + | |
1303 | + if ( !ipnum || !ns_g_geoip_ispDB ) | |
1304 | + return(ISC_FALSE); | |
1305 | + | |
1306 | + switch ( e->geoip_ispDB.subtype ) { | |
1307 | + case geoip_ispDB_name: | |
1308 | + if (( result = GeoIP_name_by_ipnum( ns_g_geoip_ispDB, ipnum ) )) | |
1309 | + georesult = ( strcasecmp( e->geoip_ispDB.name, result ) == 0 ); | |
1310 | +#ifdef DEBUG_GEOIP | |
1311 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1312 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1313 | + "client %s: geoip_ispDB_name compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1314 | + ipstr, | |
1315 | + result, e->geoip_ispDB.name, | |
1316 | + georesult, e->negative); | |
1317 | +#endif | |
1318 | + break; | |
1319 | + default: | |
1320 | + break; | |
1321 | + } /* switch */ | |
1322 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1323 | + } /* case geoip_ispDB */ | |
1324 | + | |
1325 | + case dns_aclelementtype_geoip_orgDB: { | |
1326 | + short int georesult = 0 ; | |
1327 | + const char *result = (const char *)NULL ; | |
1328 | + | |
1329 | + if ( !ipnum || !ns_g_geoip_orgDB ) | |
1330 | + return(ISC_FALSE); | |
1331 | + | |
1332 | + switch ( e->geoip_orgDB.subtype ) { | |
1333 | + case geoip_orgDB_name: | |
1334 | + if (( result = GeoIP_name_by_ipnum( ns_g_geoip_orgDB, ipnum ) )) | |
1335 | + georesult = ( strcasecmp( e->geoip_orgDB.name, result ) == 0 ); | |
1336 | +#ifdef DEBUG_GEOIP | |
1337 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1338 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1339 | + "client %s: geoip_orgDB_name compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1340 | + ipstr, | |
1341 | + result, e->geoip_orgDB.name, | |
1342 | + georesult, e->negative); | |
1343 | +#endif | |
1344 | + break; | |
1345 | + default: | |
1346 | + break; | |
1347 | + } /* switch */ | |
1348 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1349 | + } /* case geoip_orgDB */ | |
1350 | + | |
1351 | + case dns_aclelementtype_geoip_asDB: { | |
1352 | + short int georesult = 0 ; | |
1353 | + const char *result = (const char *)NULL ; | |
1354 | + | |
1355 | + if ( !ipnum || !ns_g_geoip_asDB ) | |
1356 | + return(ISC_FALSE); | |
1357 | + | |
1358 | + switch ( e->geoip_asDB.subtype ) { | |
1359 | + case geoip_asDB_org: | |
1360 | + if (( result = GeoIP_org_by_ipnum( ns_g_geoip_asDB, ipnum ) )) | |
1361 | + georesult = ( strcasecmp( e->geoip_asDB.org, result ) == 0 ); | |
1362 | +#ifdef DEBUG_GEOIP | |
1363 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1364 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1365 | + "client %s: geoip_asDB_org compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1366 | + ipstr, | |
1367 | + result, e->geoip_asDB.org, | |
1368 | + georesult, e->negative); | |
1369 | +#endif | |
1370 | + break; | |
1371 | + default: | |
1372 | + break; | |
1373 | + } /* switch */ | |
1374 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1375 | + } /* case geoip_asDB */ | |
1376 | + | |
1377 | + case dns_aclelementtype_geoip_netspeedDB: { | |
1378 | + short int georesult = 0 ; | |
1379 | + short int result = -1 ; | |
1380 | + | |
1381 | + if ( !ipnum || !ns_g_geoip_netspeedDB ) | |
1382 | + return( ISC_FALSE ); | |
1383 | + | |
1384 | + switch ( e->geoip_netspeedDB.subtype ) { | |
1385 | + case geoip_netspeedDB_id: | |
1386 | + result = GeoIP_id_by_ipnum( ns_g_geoip_netspeedDB, ipnum ); | |
1387 | + georesult = ( e->geoip_netspeedDB.id == result ); | |
1388 | +#ifdef DEBUG_GEOIP | |
1389 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1390 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1391 | + "client %s: geoip_netspeedDB_id compared result %d to rule %d, got %d neg %d", | |
1392 | + ipstr, | |
1393 | + result, e->geoip_netspeedDB.id, | |
1394 | + georesult, e->negative); | |
1395 | +#endif | |
1396 | + break; | |
1397 | + default: | |
1398 | + break; | |
1399 | + } /* switch */ | |
1400 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1401 | + } /* case geoip_netspeedDB */ | |
1402 | + | |
1403 | + case dns_aclelementtype_geoip_domainDB: { | |
1404 | + short int georesult = 0 ; | |
1405 | + const char *result = (const char *)NULL ; | |
1406 | + | |
1407 | + if ( !ipnum || !ns_g_geoip_domainDB ) | |
1408 | + return(ISC_FALSE); | |
1409 | + | |
1410 | + switch ( e->geoip_domainDB.subtype ) { | |
1411 | + case geoip_domainDB_name: | |
1412 | + if (( result = GeoIP_name_by_ipnum( ns_g_geoip_domainDB, ipnum ) )) | |
1413 | + georesult = ( strcasecmp( e->geoip_domainDB.name, result ) == 0 ); | |
1414 | +#ifdef DEBUG_GEOIP | |
1415 | + isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, | |
1416 | + DNS_LOGMODULE_ACL, ISC_LOG_DEBUG(3), | |
1417 | + "client %s: geoip_domainDB_name compared result \"%s\" to rule \"%s\", got %d neg %d", | |
1418 | + ipstr, | |
1419 | + result, e->geoip_domainDB.name, | |
1420 | + georesult, e->negative); | |
1421 | +#endif | |
1422 | + break; | |
1423 | + default: | |
1424 | + break; | |
1425 | + } /* switch */ | |
1426 | + return( georesult ? ISC_TRUE : ISC_FALSE ); | |
1427 | + } /* case geoip_domainDB */ | |
1428 | + | |
1429 | +#endif /* HAVE_GEOIP */ | |
1430 | + | |
1431 | case dns_aclelementtype_localhost: | |
1432 | if (env == NULL || env->localhost == NULL) | |
1433 | return (ISC_FALSE); | |
1434 | --- lib/dns/include/dns/acl.h.orig 2012-09-26 17:35:19.000000000 -0700 | |
1435 | +++ lib/dns/include/dns/acl.h 2012-10-09 17:38:10.000000000 -0700 | |
1436 | @@ -52,8 +52,139 @@ | |
1437 | dns_aclelementtype_nestedacl, | |
1438 | dns_aclelementtype_localhost, | |
1439 | dns_aclelementtype_localnets, | |
1440 | +#ifdef HAVE_GEOIP | |
1441 | + dns_aclelementtype_geoip_countryDB, | |
1442 | + dns_aclelementtype_geoip_cityDB, | |
1443 | + dns_aclelementtype_geoip_regionDB, | |
1444 | + dns_aclelementtype_geoip_ispDB, | |
1445 | + dns_aclelementtype_geoip_orgDB, | |
1446 | + dns_aclelementtype_geoip_asDB, | |
1447 | + dns_aclelementtype_geoip_netspeedDB, | |
1448 | + dns_aclelementtype_geoip_domainDB, | |
1449 | +#endif /* HAVE_GEOIP */ | |
1450 | dns_aclelementtype_any | |
1451 | -} dns_aclelemettype_t; | |
1452 | +} dns_aclelementtype_t; | |
1453 | + | |
1454 | +#ifdef HAVE_GEOIP | |
1455 | + | |
1456 | +/* COUNTRY DB */ | |
1457 | + | |
1458 | +typedef enum { | |
1459 | + geoip_countryDB_country_code, | |
1460 | + geoip_countryDB_country_code3, | |
1461 | + geoip_countryDB_country_name, | |
1462 | +} dns_geoip_subtype_countryDB_t ; | |
1463 | + | |
1464 | +typedef struct dns_geoip_countryDB { | |
1465 | + dns_geoip_subtype_countryDB_t subtype ; | |
1466 | + char country_code[2] ; | |
1467 | + char country_code3[3] ; | |
1468 | + char country_name[256] ; /* \0 padded */ | |
1469 | +} dns_geoip_countryDB_t; | |
1470 | + | |
1471 | +/* CITY DB */ | |
1472 | + | |
1473 | +typedef enum { | |
1474 | + geoip_cityDB_country_code, | |
1475 | + geoip_cityDB_country_code3, | |
1476 | + geoip_cityDB_region, | |
1477 | + geoip_cityDB_region_name, | |
1478 | + geoip_cityDB_city, | |
1479 | + geoip_cityDB_postal_code, | |
1480 | + geoip_cityDB_range, | |
1481 | + geoip_cityDB_radius, | |
1482 | + geoip_cityDB_metro_code, | |
1483 | + geoip_cityDB_area_code, | |
1484 | + geoip_cityDB_continent_code, | |
1485 | + geoip_cityDB_timezone_code, | |
1486 | +} dns_geoip_subtype_cityDB_t ; | |
1487 | + | |
1488 | +typedef struct dns_geoip_cityDB { | |
1489 | + dns_geoip_subtype_cityDB_t subtype ; | |
1490 | + char country_code[2] ; | |
1491 | + char country_code3[3] ; | |
1492 | + char region[2] ; | |
1493 | + char region_name[256] ; /* \0 padded */ | |
1494 | + char city[256] ; /* \0 padded */ | |
1495 | + char postal_code[7] ; /* \0 padded */ | |
1496 | + float lat[2] ; | |
1497 | + float lon[2] ; | |
1498 | + float radius[2] ; | |
1499 | + int metro_code ; | |
1500 | + int area_code ; | |
1501 | + char continent_code[2] ; | |
1502 | + char timezone_code[256] ; /* \0 padded */ | |
1503 | +} dns_geoip_cityDB_t; | |
1504 | + | |
1505 | +/* REGION DB */ | |
1506 | + | |
1507 | +typedef enum { | |
1508 | + geoip_regionDB_country_code, | |
1509 | + geoip_regionDB_region, | |
1510 | +} dns_geoip_subtype_regionDB_t ; | |
1511 | + | |
1512 | +typedef struct dns_geoip_regionDB { | |
1513 | + dns_geoip_subtype_regionDB_t subtype ; | |
1514 | + char country_code[2] ; | |
1515 | + char region[2] ; | |
1516 | +} dns_geoip_regionDB_t; | |
1517 | + | |
1518 | +/* ISP DB */ | |
1519 | + | |
1520 | +typedef enum { | |
1521 | + geoip_ispDB_name, | |
1522 | +} dns_geoip_subtype_ispDB_t ; | |
1523 | + | |
1524 | +typedef struct dns_geoip_ispDB { | |
1525 | + dns_geoip_subtype_ispDB_t subtype ; | |
1526 | + char name[51] ; /* \0 padded */ | |
1527 | +} dns_geoip_ispDB_t; | |
1528 | + | |
1529 | +/* ORG DB */ | |
1530 | + | |
1531 | +typedef enum { | |
1532 | + geoip_orgDB_name, | |
1533 | +} dns_geoip_subtype_orgDB_t ; | |
1534 | + | |
1535 | +typedef struct dns_geoip_orgDB { | |
1536 | + dns_geoip_subtype_orgDB_t subtype ; | |
1537 | + char name[51] ; /* \0 padded */ | |
1538 | +} dns_geoip_orgDB_t; | |
1539 | + | |
1540 | +/* AS DB */ | |
1541 | + | |
1542 | +typedef enum { | |
1543 | + geoip_asDB_org, | |
1544 | +} dns_geoip_subtype_asDB_t ; | |
1545 | + | |
1546 | +typedef struct dns_geoip_asDB { | |
1547 | + dns_geoip_subtype_asDB_t subtype ; | |
1548 | + char org[51] ; /* \0 padded */ | |
1549 | +} dns_geoip_asDB_t; | |
1550 | + | |
1551 | +/* NETSPEED DB */ | |
1552 | + | |
1553 | +typedef enum { | |
1554 | + geoip_netspeedDB_id, | |
1555 | +} dns_geoip_subtype_netspeedDB_t ; | |
1556 | + | |
1557 | +typedef struct dns_geoip_netspeedDB { | |
1558 | + dns_geoip_subtype_netspeedDB_t subtype ; | |
1559 | + short int id ; | |
1560 | +} dns_geoip_netspeedDB_t; | |
1561 | + | |
1562 | +/* DOMAIN DB */ | |
1563 | + | |
1564 | +typedef enum { | |
1565 | + geoip_domainDB_name, | |
1566 | +} dns_geoip_subtype_domainDB_t ; | |
1567 | + | |
1568 | +typedef struct dns_geoip_domainDB { | |
1569 | + dns_geoip_subtype_domainDB_t subtype ; | |
1570 | + char name[256] ; /* \0 padded */ | |
1571 | +} dns_geoip_domainDB_t; | |
1572 | + | |
1573 | +#endif /* HAVE_GEOIP */ | |
1574 | ||
1575 | typedef struct dns_aclipprefix dns_aclipprefix_t; | |
1576 | ||
1577 | @@ -63,9 +194,19 @@ | |
1578 | }; | |
1579 | ||
1580 | struct dns_aclelement { | |
1581 | - dns_aclelemettype_t type; | |
1582 | + dns_aclelementtype_t type; | |
1583 | isc_boolean_t negative; | |
1584 | dns_name_t keyname; | |
1585 | +#ifdef HAVE_GEOIP | |
1586 | + dns_geoip_countryDB_t geoip_countryDB; | |
1587 | + dns_geoip_cityDB_t geoip_cityDB; | |
1588 | + dns_geoip_regionDB_t geoip_regionDB; | |
1589 | + dns_geoip_ispDB_t geoip_ispDB; | |
1590 | + dns_geoip_orgDB_t geoip_orgDB; | |
1591 | + dns_geoip_asDB_t geoip_asDB; | |
1592 | + dns_geoip_netspeedDB_t geoip_netspeedDB; | |
1593 | + dns_geoip_domainDB_t geoip_domainDB; | |
1594 | +#endif /* HAVE_GEOIP */ | |
1595 | dns_acl_t *nestedacl; | |
1596 | int node_num; | |
1597 | }; |