test-database: Remove signature checks

These are performed in an extra test now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

writer: Erase the padding

We should not leak any data from the stack into the
database and this makes debugging easier, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Log blocks that are being fed into the signature

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

writer: Put whole header into the hash instead of only the first 8 bytes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

test-signature: Fix path to key

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Log the signature in debug mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database: Catch any errors from EVP_DigestVerify_Update()

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

test: Add test to check that invalid signatures do not validate

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Add get_continent_code()

This function allows to get the continent code by a given country code.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database: Correctly handle error codes from OpenSSL

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-downloader: Add command to verify the downloaded database manually

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Install databases to /var/lib/location

This data is being modified and should therefore go to
/var/lib instead of /usr/share.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Import our public signing key

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-downloader: Exit with 3 when the database was already up to date

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-exporter: Accept A1, A2, A3 as compat country codes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-exporter: Allow exporting by family

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-query: Translate family only when it is set

Fixes: #12253
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

debian: Install location-exporter

This binary has no manpage yet, so lintian will provide a
warning of the non existing manpage.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-exporter: Uncomment accidentially commented line

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-export: Validate country codes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-exporter: ipset: Add line break after header

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-exporter: Fix syntax errors for nftables export

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Make verify() a function on the database

This makes the API similar to the Python version

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-query: Do not validate database every time

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-exporter: New script to convert database into compatible formats

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-query: Allow filtering networks by family

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-downloader: Verify the database after download

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Verify database when it is being opened

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database: Benchmark time it takes to verify the signature

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Implement signing/verifying databases

Databases can now carry a builtin signature which can be verified
when the database is being loaded.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database: Add scaffolding for checking signatures

The added function computes a SHA512 hash of the database
file where the signature is cleared.

The actual cryptographic check of the signature is
not implemented, yet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

configure: Actually pass detected libraries over to make

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Link against OpenSSL

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Makefile: Cleanup Debian tarball

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database: Log error when network ID is out of range

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

debian: Ignore all temporary files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

debian: Add command to build Debian packages easily

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add support for packaging Debian (deb) packages

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Bump version to 0.9.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

configure: Fix platform detection

Checking for GNU platforms now instead of just Linux.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Provide library location when running the testsuite

Otherwise the perl testsuite could not locate libloc and will fail.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libresolv: Check different functions on different platforms

I could not find a function that is both present on Linux and
Mac OS X, so we now have to test differently.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Make library build on Mac OS X

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix building man pages on Mac OS X

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

downloader: Check DNS for most recent version

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

po: Update German translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Makefile: Do not indent variable assignments

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Remove RPATH

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-downloader: Add man page

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add systemd unit files for location-downloader

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-downloader: Add proper logging infrastructure

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add download script to automatically update the database

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-query: Add listing networks by flags

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix names of flags

They belong to the networks, so that should be reflected in the name.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-query: Add output for ipset

Fixes: #12202
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-query: Allow exporting data for nftables

Fixes: #12201
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

location-query: Support listing networks for xt_geoip

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

network: Initialize country code with nothing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Improve error reporting when a network could not be read from the database

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python: Raise error when a network/AS could not be read

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

test-stringpool: Include stdint.h on Linux

This is required to have intmax_t declared.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix off_t casting in tests

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database: Fix checking pointer

This always evaluated to true which is not what was intended here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Correct cast off_t to intmax_t before printing it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge branch 'apple'

perl: Do not insist on Perl 5.28 or higher

We have no special requirements here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

linker: Do not use --gc-sections on non-GNU platforms

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

country: Include compat.h to build on other arches

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

country: Fix comparison function

This return value was incorrect which caused that sorting
countries did not work and therefore could not been found
in the database any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

test: Add another country for test

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Detect if linker supports --version-script=

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Format off_t data types properly for printing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Make package compile on Mac OS X

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fall back to getenv() when secure_getenv() is not available

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python: Implement lookup function for countries

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python: Extend bindings for countries

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

writer: Write countries before pool is being written

Otherwise the names will obviously not be written

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

country: Fix segmentation fault when continent code is not set

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

country: Remove string termination

This should not be necessary and overwrites the buffer
in some cases.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database format: Add some padding to header

This can be used to add things later without
incrementing the database version.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix re-ordering flags which are now only 16 bits

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

country: Use one function to copy country codes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

country: Add simple function to test if a country code is valid

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

country: Fix SEGV when accessing the string pool

This was caused because I am too stupid to count to two.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database format: Reduce number of flags to 16

32 is very excessive and I hope we will never need that many.
Hence we reserve the remaining space.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add a dictionary with countries to the database

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python: Use shorthand function to export __version__

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python: Expose flags

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Handle A1, A2, A3 as special cases when searching for countries

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Implement searching for networks with a certain flag

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add flags for A1, A2 and A3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add flags to network objects

This changes the database format on disk.

Flags can be used to mark networks in order to add more information
later than only ASN and CC.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

man: Add location-query.8

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

database: Print timings in milliseconds

We are so fast that seconds do not make any sense.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

test: Fix compiling AS test after header change

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge branch 'perl'

perl: Testsuite: Add tests for lookup_asn()

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Add function to perform AS number lookups.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Testsuite: Add tests for invalid address and address not in the database.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

perl: Fix lookup if given address is invalid or not in DB.

In this case now undef will be returned.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>