filter-aaaa-on-v6 no;\n\
filter-aaaa { any; };\n"
#endif
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
" geoip-use-ecs yes;\n"
#endif
" lame-ttl 600;\n"
};
static void
-init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
+init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
GeoIPOptions method, const char *name)
{
char *info;
REQUIRE(dbp != NULL);
- db = *dbp;
+ db = (GeoIP *)*dbp;
if (db != NULL) {
GeoIP_delete(db);
void
ns_geoip_init(void) {
-#ifndef HAVE_GEOIP
- return;
-#else
+#if defined(HAVE_GEOIP2)
+ /* TODO GEOIP2 */
+#elif defined(HAVE_GEOIP)
GeoIP_cleanup();
if (ns_g_geoip == NULL)
ns_g_geoip = &geoip_table;
+#else
+ return;
#endif
}
void
ns_geoip_load(char *dir) {
-#ifndef HAVE_GEOIP
-
- UNUSED(dir);
-
- return;
-#else
+#if defined(HAVE_GEOIP2)
+ /* TODO GEOIP2 */
+#elif defined(HAVE_GEOIP)
GeoIPOptions method;
#ifdef _WIN32
method, "Domain");
init_geoip_db(&ns_g_geoip->netspeed, GEOIP_NETSPEED_EDITION, 0,
method, "NetSpeed");
-#endif /* HAVE_GEOIP */
+#else
+ UNUSED(dir);
+
+ return;
+#endif
}
EXTERN bool ns_g_fixedlocal INIT(false);
EXTERN bool ns_g_sigvalinsecs INIT(false);
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
EXTERN dns_geoip_databases_t *ns_g_geoip INIT(NULL);
#endif
result = dns_aclenv_init(mctx, &mgr->aclenv);
if (result != ISC_R_SUCCESS)
goto cleanup_listenon;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
mgr->aclenv.geoip = ns_g_geoip;
#endif
#include <named/client.h>
#include <named/config.h>
#include <named/control.h>
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#include <named/geoip.h>
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#include <named/interfacemgr.h>
#include <named/log.h>
#include <named/logconf.h>
}
isc__socketmgr_setreserved(ns_g_socketmgr, reserved);
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
/*
* Initialize GeoIP databases from the configured location.
* This should happen before configuring any ACLs, so that we
result = ns_config_get(maps, "geoip-use-ecs", &obj);
INSIST(result == ISC_R_SUCCESS);
ns_g_server->aclenv.geoip_use_ecs = cfg_obj_asboolean(obj);
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
/*
* Configure various server options.
#ifdef HAVE_DNSTAP
dns_dt_shutdown();
#endif
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_shutdown();
-#endif
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_db_detach(&server->in_roothints);
result = dns_aclenv_init(mctx, &server->aclenv);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
/* Initialize GeoIP before using ACL environment */
ns_geoip_init();
server->aclenv.geoip = ns_g_geoip;
#endif
}
+ if (strcmp(argv[1], "--have-geoip2") == 0) {
+#ifdef HAVE_GEOIP2
+ return (0);
+#else
+ return (1);
+#endif
+ }
+
if (strcmp(argv[1], "--have-libxml2") == 0) {
#ifdef HAVE_LIBXML2
return (0);
return result;
}
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
/* Duplicate GeoIP data */
if (source->elements[i].type == dns_aclelementtype_geoip) {
dest->elements[nelem + i].geoip_elem =
inner = env->localnets;
break;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
case dns_aclelementtype_geoip:
if (env == NULL || env->geoip == NULL)
return (false);
return (true);
continue;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
case dns_aclelementtype_geoip:
#endif
case dns_aclelementtype_localnets:
if (result != ISC_R_SUCCESS)
goto cleanup_localhost;
env->match_mapped = false;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
env->geoip = NULL;
env->geoip_use_ecs = false;
#endif
dns_acl_detach(&t->localnets);
dns_acl_attach(s->localnets, &t->localnets);
t->match_mapped = s->match_mapped;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
t->geoip_use_ecs = s->geoip_use_ecs;
+ t->geoip = s->geoip;
#endif
}
* information regarding copyright ownership.
*/
-/* $Id: acl.h,v 1.35 2011/06/17 23:47:49 tbox Exp $ */
-
#ifndef DNS_ACL_H
#define DNS_ACL_H 1
#include <isc/netaddr.h>
#include <isc/refcount.h>
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#include <dns/geoip.h>
#endif
#include <dns/name.h>
#include <dns/types.h>
#include <dns/iptable.h>
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP2)
+#include <maxminddb.h>
+#elif defined(HAVE_GEOIP)
#include <GeoIP.h>
#endif
dns_aclelementtype_nestedacl,
dns_aclelementtype_localhost,
dns_aclelementtype_localnets,
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_aclelementtype_geoip,
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_aclelementtype_any
} dns_aclelementtype_t;
dns_aclelementtype_t type;
bool negative;
dns_name_t keyname;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_elem_t geoip_elem;
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_acl_t *nestedacl;
int node_num;
};
dns_acl_t *localhost;
dns_acl_t *localnets;
bool match_mapped;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_databases_t *geoip;
bool geoip_use_ecs;
#endif
#include <dns/types.h>
#include <dns/iptable.h>
-#ifdef HAVE_GEOIP
-#include <GeoIP.h>
-#else
-typedef void GeoIP;
-#endif
-
/***
*** Types
***/
typedef struct dns_geoip_elem {
dns_geoip_subtype_t subtype;
- GeoIP *db;
+ void *db;
union {
char as_string[256];
int as_int;
} dns_geoip_elem_t;
typedef struct dns_geoip_databases {
- GeoIP *country_v4; /* DB 1 */
- GeoIP *city_v4; /* DB 2 or 6 */
- GeoIP *region; /* DB 3 or 7 */
- GeoIP *isp; /* DB 4 */
- GeoIP *org; /* DB 5 */
- GeoIP *as; /* DB 9 */
- GeoIP *netspeed; /* DB 10 */
- GeoIP *domain; /* DB 11 */
- GeoIP *country_v6; /* DB 12 */
- GeoIP *city_v6; /* DB 30 or 31 */
+#if defined(HAVE_GEOIP2)
+ void *country; /* GeoIP2-Country or GeoLite2-Country */
+ void *city; /* GeoIP2-CIty or GeoLite2-City */
+ void *domain; /* GeoIP2-Domain */
+ void *isp; /* GeoIP2-ISP */
+ void *as; /* GeoIP2-ASN or GeoLite2-ASN */
+#elif defined(HAVE_GEOIP)
+ void *country_v4; /* DB 1 */
+ void *city_v4; /* DB 2 or 6 */
+ void *region; /* DB 3 or 7 */
+ void *isp; /* DB 4 */
+ void *org; /* DB 5 */
+ void *as; /* DB 9 */
+ void *netspeed; /* DB 10 */
+ void *domain; /* DB 11 */
+ void *country_v6; /* DB 12 */
+ void *city_v6; /* DB 30 or 31 */
+#endif
} dns_geoip_databases_t;
/***
dns_acl_t *none = NULL;
dns_acl_t *notnone = NULL;
dns_acl_t *notany = NULL;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_acl_t *geoip = NULL;
dns_acl_t *notgeoip = NULL;
dns_aclelement_t *de;
-#endif
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_acl_t *pos4pos6 = NULL;
dns_acl_t *notpos4pos6 = NULL;
dns_acl_t *neg4pos6 = NULL;
result = dns_acl_merge(notany, any, false);
assert_int_equal(result, ISC_R_SUCCESS);
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
result = dns_acl_create(mctx, 1, &geoip);
assert_int_equal(result, ISC_R_SUCCESS);
result = dns_acl_merge(notgeoip, geoip, false);
assert_int_equal(result, ISC_R_SUCCESS);
-#endif
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
assert_true(dns_acl_isinsecure(any)); /* any; */
assert_false(dns_acl_isinsecure(none)); /* none; */
assert_false(dns_acl_isinsecure(notany)); /* !any; */
assert_false(dns_acl_isinsecure(notnone)); /* !none; */
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
assert_true(dns_acl_isinsecure(geoip)); /* geoip; */
assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */
-#endif
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_acl_detach(&any);
dns_acl_detach(&none);
dns_acl_detach(¬any);
dns_acl_detach(¬none);
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_acl_detach(&geoip);
dns_acl_detach(¬geoip);
-#endif
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
for (pass = 0; pass < sizeof(ecs)/sizeof(ecs[0]); pass++) {
result = dns_acl_create(mctx, 1, &pos4pos6);
#include "dnstest.h"
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP2)
+#include <maxminddb.h>
+
+/* TODO GEOIP2 */
+#define TEST_GEOIP_DATA ""
+#elif defined(HAVE_GEOI2)
#include <GeoIP.h>
/* We use GeoIP databases from the 'geoip' system test */
#define TEST_GEOIP_DATA "../../../bin/tests/system/geoip/data"
+#endif
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
static int
_setup(void **state) {
isc_result_t result;
return (0);
}
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
+#ifdef HAVE_GEOIP
/*
* Helper functions
* (Mostly copied from bin/named/geoip.c)
};
static void
-init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
+init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
GeoIPOptions method, const char *name)
{
GeoIP *db;
REQUIRE(dbp != NULL);
- db = *dbp;
+ db = (GeoIP *)*dbp;
if (db != NULL) {
GeoIP_delete(db);
int
main(void) {
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP2)
+ /* TODO GEOIP2 */
+ print_message("1..0 # Skip geoip2 tests not complete\n");
+#elif defined(HAVE_GEOIP)
const struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(country, _setup, _teardown),
cmocka_unit_test_setup_teardown(country_v6, _setup, _teardown),
return (cmocka_run_group_tests(tests, dns_test_init, dns_test_final));
#else
print_message("1..0 # Skip geoip not enabled\n");
-#endif /* HAVE_GEOIP */
+#endif
}
#else /* HAVE_CMOCKA */
isc_mem_attach(mctx, &actx->mctx);
ISC_LIST_INIT(actx->named_acl_cache);
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
actx->geoip = NULL;
#endif
elt != NULL;
elt = cfg_list_next(elt)) {
const cfg_obj_t *acl = cfg_listelt_value(elt);
- const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
+ const char *aclname =
+ cfg_obj_asstring(cfg_tuple_get(acl, "name"));
if (strcasecmp(aclname, name) == 0) {
if (ret != NULL) {
*ret = cfg_tuple_get(acl, "value");
n += sub;
if (negative)
n++;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
n++;
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
} else if (cfg_obj_isstring(ce)) {
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0 ||
return (ISC_R_SUCCESS);
}
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP)
static dns_geoip_subtype_t
get_subtype(const cfg_obj_t *obj, isc_log_t *lctx,
dns_geoip_subtype_t subtype, const char *dbname)
{
- if (dbname == NULL)
+ if (dbname == NULL) {
return (subtype);
+ }
switch (subtype) {
case dns_geoip_countrycode:
- if (strcasecmp(dbname, "city") == 0)
+ if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_countrycode);
- else if (strcasecmp(dbname, "region") == 0)
+ } else if (strcasecmp(dbname, "region") == 0) {
return (dns_geoip_region_countrycode);
- else if (strcasecmp(dbname, "country") == 0)
+ } else if (strcasecmp(dbname, "country") == 0) {
return (dns_geoip_country_code);
+ }
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_countrycode3:
- if (strcasecmp(dbname, "city") == 0)
+ if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_countrycode3);
- else if (strcasecmp(dbname, "country") == 0)
+ } else if (strcasecmp(dbname, "country") == 0) {
return (dns_geoip_country_code3);
+ }
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_countryname:
- if (strcasecmp(dbname, "city") == 0)
+ if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_countryname);
- else if (strcasecmp(dbname, "country") == 0)
+ } else if (strcasecmp(dbname, "country") == 0) {
return (dns_geoip_country_name);
+ }
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_region:
- if (strcasecmp(dbname, "city") == 0)
+ if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_region);
- else if (strcasecmp(dbname, "region") == 0)
+ } else if (strcasecmp(dbname, "region") == 0) {
return (dns_geoip_region_code);
+ }
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"region search: ignored");
return (subtype);
case dns_geoip_regionname:
- if (strcasecmp(dbname, "city") == 0)
+ if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_region);
- else if (strcasecmp(dbname, "region") == 0)
+ } else if (strcasecmp(dbname, "region") == 0) {
return (dns_geoip_region_name);
+ }
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"region search: ignored");
case dns_geoip_city_areacode:
case dns_geoip_city_continentcode:
case dns_geoip_city_timezonecode:
- if (strcasecmp(dbname, "city") != 0)
+ if (strcasecmp(dbname, "city") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'city'-only search type: ignoring");
+ }
return (subtype);
case dns_geoip_isp_name:
- if (strcasecmp(dbname, "isp") != 0)
+ if (strcasecmp(dbname, "isp") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'isp' search: ignoring");
+ }
return (subtype);
case dns_geoip_org_name:
- if (strcasecmp(dbname, "org") != 0)
+ if (strcasecmp(dbname, "org") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'org' search: ignoring");
+ }
return (subtype);
case dns_geoip_as_asnum:
- if (strcasecmp(dbname, "asnum") != 0)
+ if (strcasecmp(dbname, "asnum") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'asnum' search: ignoring");
+ }
return (subtype);
case dns_geoip_domain_name:
- if (strcasecmp(dbname, "domain") != 0)
+ if (strcasecmp(dbname, "domain") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'domain' search: ignoring");
+ }
return (subtype);
case dns_geoip_netspeed_id:
- if (strcasecmp(dbname, "netspeed") != 0)
+ if (strcasecmp(dbname, "netspeed") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'netspeed' search: ignoring");
+ }
return (subtype);
default:
INSIST(0);
static bool
geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) {
- if (ctx->geoip == NULL)
+ if (ctx->geoip == NULL) {
return (true);
+ }
switch (elt->geoip_elem.subtype) {
case dns_geoip_countrycode:
case dns_geoip_city_timezonecode:
if (ctx->geoip->city_v4 != NULL ||
ctx->geoip->city_v6 != NULL)
+ {
return (true);
+ }
/* FALLTHROUGH */
case dns_geoip_isp_name:
- if (ctx->geoip->isp != NULL)
+ if (ctx->geoip->isp != NULL) {
return (true);
+ }
/* FALLTHROUGH */
case dns_geoip_org_name:
- if (ctx->geoip->org != NULL)
+ if (ctx->geoip->org != NULL) {
return (true);
+ }
/* FALLTHROUGH */
case dns_geoip_as_asnum:
- if (ctx->geoip->as != NULL)
+ if (ctx->geoip->as != NULL) {
return (true);
+ }
/* FALLTHROUGH */
case dns_geoip_domain_name:
- if (ctx->geoip->domain != NULL)
+ if (ctx->geoip->domain != NULL) {
return (true);
+ }
/* FALLTHROUGH */
case dns_geoip_netspeed_id:
- if (ctx->geoip->netspeed != NULL)
+ if (ctx->geoip->netspeed != NULL) {
return (true);
+ }
}
return (false);
}
+#endif
static isc_result_t
parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
de = *dep;
ge = cfg_tuple_get(obj, "db");
- if (!cfg_obj_isvoid(ge))
+ if (!cfg_obj_isvoid(ge)) {
dbname = cfg_obj_asstring(ge);
+ }
stype = cfg_obj_asstring(cfg_tuple_get(obj, "subtype"));
search = cfg_obj_asstring(cfg_tuple_get(obj, "search"));
return (ISC_R_SUCCESS);
}
-#endif
isc_result_t
cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx,
mctx, &nelem, NULL);
if (result != ISC_R_SUCCESS)
return (result);
- } else
+ } else {
nelem = cfg_list_length(caml, false);
+ }
result = dns_acl_create(mctx, nelem, &dacl);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
return (result);
+ }
}
de = dacl->elements;
result = dns_acl_create(mctx,
cfg_list_length(ce, false),
&de->nestedacl);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
iptab = de->nestedacl->iptable;
}
cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
"'%s': incorrect address family; "
"ignoring", buf);
- if (nest_level != 0)
+ if (nest_level != 0) {
dns_acl_detach(&de->nestedacl);
+ }
continue;
}
result = isc_netaddr_prefixok(&addr, bitlen);
setecs = cfg_obj_istype(ce, &cfg_type_ecsprefix);
result = dns_iptable_addprefix2(iptab, &addr, bitlen,
setpos, setecs);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
if (nest_level > 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
- } else
+ } else {
continue;
+ }
} else if (cfg_obj_islist(ce)) {
/*
* If we're nesting ACLs, put the nested
* in two cases: 1) sortlist, 2) if the
* nested ACL contains negated members.
*/
- if (inneracl != NULL)
+ if (inneracl != NULL) {
dns_acl_detach(&inneracl);
+ }
result = cfg_acl_fromconfig(ce, cctx, lctx,
ctx, mctx, new_nest_level,
&inneracl);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
nested_acl:
if (nest_level > 0 || inneracl->has_negatives) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
- if (de->nestedacl != NULL)
+ if (de->nestedacl != NULL) {
dns_acl_detach(&de->nestedacl);
- dns_acl_attach(inneracl,
- &de->nestedacl);
+ }
+ dns_acl_attach(inneracl, &de->nestedacl);
dns_acl_detach(&inneracl);
/* Fall through. */
} else {
INSIST(dacl->length + inneracl->length
<= dacl->alloc);
- dns_acl_merge(dacl, inneracl,
- !neg);
+ dns_acl_merge(dacl, inneracl, !neg);
de += inneracl->length; /* elements added */
dns_acl_detach(&inneracl);
INSIST(dacl->length <= dacl->alloc);
dns_name_init(&de->keyname, NULL);
result = convert_keyname(ce, lctx, mctx,
&de->keyname);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
-#ifdef HAVE_GEOIP
+ }
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
INSIST(dacl->length < dacl->alloc);
result = parse_geoip_element(ce, lctx, ctx, de);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
de->type = dns_aclelementtype_geoip;
de->negative = neg;
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
} else if (cfg_obj_isstring(ce)) {
/* ACL name. */
const char *name = cfg_obj_asstring(ce);
/* Iptable entry with zero bit length. */
result = dns_iptable_addprefix(iptab, NULL, 0,
(nest_level != 0 || !neg));
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
if (nest_level != 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
- } else
+ } else {
continue;
+ }
} else if (strcasecmp(name, "none") == 0) {
/* none == !any */
/*
*/
result = dns_iptable_addprefix(iptab, NULL, 0,
(nest_level != 0 || neg));
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
- if (!neg)
+ if (!neg) {
dacl->has_negatives = !neg;
+ }
if (nest_level != 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = !neg;
- } else
+ } else {
continue;
+ }
} else if (strcasecmp(name, "localhost") == 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_localhost;
result = convert_named_acl(ce, cctx, lctx, ctx,
mctx, new_nest_level,
&inneracl);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
goto nested_acl;
}
*/
if (de->nestedacl != NULL &&
de->type != dns_aclelementtype_nestedacl)
+ {
dns_acl_detach(&de->nestedacl);
+ }
dacl->node_count++;
de->node_num = dacl->node_count;
result = ISC_R_SUCCESS;
cleanup:
- if (inneracl != NULL)
+ if (inneracl != NULL) {
dns_acl_detach(&inneracl);
+ }
dns_acl_detach(&dacl);
return (result);
}
#include <isccfg/cfg.h>
-#ifdef HAVE_GEOIP
#include <dns/geoip.h>
-#endif
#include <dns/types.h>
typedef struct cfg_aclconfctx {
ISC_LIST(dns_acl_t) named_acl_cache;
isc_mem_t *mctx;
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_databases_t *geoip;
#endif
isc_refcount_t references;
static void
doc_optional_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
static isc_result_t
parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
static void
doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type);
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
static cfg_type_t cfg_type_acl;
static cfg_type_t cfg_type_addrmatchelt;
{ "fstrm-set-reopen-interval", &cfg_type_uint32,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_DNSTAP */
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
{ "geoip-directory", &cfg_type_qstringornone, 0 },
{ "geoip-use-ecs", &cfg_type_boolean, 0 },
#else
{ "geoip-directory", &cfg_type_qstringornone,
CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTCONFIGURED },
-#endif /* HAVE_GEOIP */
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "heartbeat-interval", &cfg_type_uint32, 0 },
{ "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTIMP },
doc_optional_keyvalue, &cfg_rep_string, &key_kw
};
-#ifdef HAVE_GEOIP
-/*
- * "geoip" ACL element:
- * geoip [ db <database> ] search-type <string>
- */
-static const char *geoiptype_enums[] = {
- "area", "areacode", "asnum", "city", "continent", "country",
- "country3", "countryname", "domain", "isp", "metro", "metrocode",
- "netspeed", "org", "postal", "postalcode", "region", "regionname",
- "timezone", "tz", NULL
-};
-static cfg_type_t cfg_type_geoiptype = {
- "geoiptype", cfg_parse_enum, cfg_print_ustring,
- cfg_doc_enum, &cfg_rep_string, &geoiptype_enums
-};
-
-static const char *geoipdb_enums[] = {
- "asnum", "city", "country", "domain", "isp", "netspeed",
- "org", "region", NULL
-};
-static cfg_type_t cfg_type_geoipdb = {
- "geoipdb", cfg_parse_enum, cfg_print_ustring,
- cfg_doc_enum, &cfg_rep_string, &geoipdb_enums
-};
-
-static cfg_tuplefielddef_t geoip_fields[] = {
- { "negated", &cfg_type_void, 0 },
- { "db", &cfg_type_geoipdb, 0 },
- { "subtype", &cfg_type_geoiptype, 0 },
- { "search", &cfg_type_astring, 0 },
- { NULL, NULL, 0 }
-};
-
-static cfg_type_t cfg_type_geoip = {
- "geoip", parse_geoip, print_geoip, doc_geoip,
- &cfg_rep_tuple, geoip_fields
-};
-
-static isc_result_t
-parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
- isc_result_t result;
- cfg_obj_t *obj = NULL;
- const cfg_tuplefielddef_t *fields = type->of;
-
- CHECK(cfg_create_tuple(pctx, type, &obj));
- CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[0]));
-
- /* Parse the optional "db" field. */
- CHECK(cfg_peektoken(pctx, 0));
- if (pctx->token.type == isc_tokentype_string) {
- CHECK(cfg_gettoken(pctx, 0));
- if (strcasecmp(TOKEN_STRING(pctx), "db") == 0 &&
- obj->value.tuple[1] == NULL) {
- CHECK(cfg_parse_obj(pctx, fields[1].type,
- &obj->value.tuple[1]));
- } else {
- CHECK(cfg_parse_void(pctx, NULL,
- &obj->value.tuple[1]));
- cfg_ungettoken(pctx);
- }
- }
-
- CHECK(cfg_parse_obj(pctx, fields[2].type, &obj->value.tuple[2]));
- CHECK(cfg_parse_obj(pctx, fields[3].type, &obj->value.tuple[3]));
-
- *ret = obj;
- return (ISC_R_SUCCESS);
-
- cleanup:
- CLEANUP_OBJ(obj);
- return (result);
-}
-
-static void
-print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj) {
- if (obj->value.tuple[1]->type->print != cfg_print_void) {
- cfg_print_cstr(pctx, " db ");
- cfg_print_obj(pctx, obj->value.tuple[1]);
- }
- cfg_print_obj(pctx, obj->value.tuple[2]);
- cfg_print_obj(pctx, obj->value.tuple[3]);
-}
-
-static void
-doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) {
- UNUSED(type);
- cfg_print_cstr(pctx, "[ db ");
- cfg_doc_enum(pctx, &cfg_type_geoipdb);
- cfg_print_cstr(pctx, " ]");
- cfg_print_cstr(pctx, " ");
- cfg_doc_enum(pctx, &cfg_type_geoiptype);
- cfg_print_cstr(pctx, " ");
- cfg_print_cstr(pctx, "<quoted_string>");
-}
-#endif /* HAVE_GEOIP */
-
/*%
* An EDNS client subnet address
*/
"querysource", NULL, print_querysource, NULL, &cfg_rep_sockaddr, NULL
};
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
+/*
+ * "geoip" ACL element:
+ * geoip [ db <database> ] search-type <string>
+ */
+static const char *geoiptype_enums[] = {
+ "area", "areacode", "asnum", "city", "continent", "country",
+ "country3", "countryname", "domain", "isp", "metro", "metrocode",
+ "netspeed", "org", "postal", "postalcode", "region", "regionname",
+ "timezone", "tz", NULL
+};
+static cfg_type_t cfg_type_geoiptype = {
+ "geoiptype", cfg_parse_enum, cfg_print_ustring,
+ cfg_doc_enum, &cfg_rep_string, &geoiptype_enums
+};
+
+static cfg_tuplefielddef_t geoip_fields[] = {
+ { "negated", &cfg_type_void, 0 },
+ { "db", &cfg_type_astring, 0 },
+ { "subtype", &cfg_type_geoiptype, 0 },
+ { "search", &cfg_type_astring, 0 },
+ { NULL, NULL, 0 }
+};
+
+static cfg_type_t cfg_type_geoip = {
+ "geoip", parse_geoip, print_geoip, doc_geoip,
+ &cfg_rep_tuple, geoip_fields
+};
+
+static isc_result_t
+parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
+ isc_result_t result;
+ cfg_obj_t *obj = NULL;
+ const cfg_tuplefielddef_t *fields = type->of;
+
+ CHECK(cfg_create_tuple(pctx, type, &obj));
+ CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[0]));
+
+ /* Parse the optional "db" field. */
+ CHECK(cfg_peektoken(pctx, 0));
+ if (pctx->token.type == isc_tokentype_string) {
+ CHECK(cfg_gettoken(pctx, 0));
+ if (strcasecmp(TOKEN_STRING(pctx), "db") == 0 &&
+ obj->value.tuple[1] == NULL) {
+ CHECK(cfg_parse_obj(pctx, fields[1].type,
+ &obj->value.tuple[1]));
+ } else {
+ CHECK(cfg_parse_void(pctx, NULL,
+ &obj->value.tuple[1]));
+ cfg_ungettoken(pctx);
+ }
+ }
+
+ CHECK(cfg_parse_obj(pctx, fields[2].type, &obj->value.tuple[2]));
+ CHECK(cfg_parse_obj(pctx, fields[3].type, &obj->value.tuple[3]));
+
+ *ret = obj;
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ CLEANUP_OBJ(obj);
+ return (result);
+}
+
+static void
+print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj) {
+ if (obj->value.tuple[1]->type->print != cfg_print_void) {
+ cfg_print_cstr(pctx, " db ");
+ cfg_print_obj(pctx, obj->value.tuple[1]);
+ }
+ cfg_print_obj(pctx, obj->value.tuple[2]);
+ cfg_print_obj(pctx, obj->value.tuple[3]);
+}
+
+static void
+doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) {
+ UNUSED(type);
+ cfg_print_cstr(pctx, "[ db ");
+ cfg_doc_obj(pctx, &cfg_type_astring);
+ cfg_print_cstr(pctx, " ]");
+ cfg_print_cstr(pctx, " ");
+ cfg_doc_enum(pctx, &cfg_type_geoiptype);
+ cfg_print_cstr(pctx, " ");
+ cfg_doc_obj(pctx, &cfg_type_astring);
+}
+#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
+
/*% addrmatchelt */
static isc_result_t
CHECK(cfg_parse_obj(pctx, &cfg_type_ecsprefix, ret));
} else if (pctx->token.type == isc_tokentype_string &&
(strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) {
-#ifdef HAVE_GEOIP
+#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
CHECK(cfg_gettoken(pctx, 0));
CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret));
#else
projects / thirdparty / bind9.git / commitdiff
