+3722. [bug] Using geoip ACLs in a blackhole statement
+ could cause a segfault. [RT #35272]
+
3721. [doc] Improved doucmentation of the EDNS processing
enhancements introduced in change #3593. [RT #35275]
return;
#else
GeoIPOptions method;
- GeoIPDBTypes edition;
#ifdef _WIN32
method = GEOIP_STANDARD;
rm -f ns2/named.conf
rm -f ns2/example[1234567].db
-rm -f dig.out.*
+rm -f dig.out.* rndc.out.*
--- /dev/null
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+// NS2
+
+controls { /* empty */ };
+
+acl blocking {
+ geoip db country country AU;
+};
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ geoip-directory "../data";
+ blackhole { blocking; };
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
[ $ret -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
+echo "I:reloading server"
+cp -f ns2/named12.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
+sleep 3
+
+n=`expr $n + 1`
+echo "I:checking GeoIP blackhole ACL"
+ret=0
+$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 status 2>&1 > rndc.out.ns2.test$n || ret=1
+[ $ret -eq 0 ] || echo "I:failed"
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
if test "$use_geoip" = "yes"
then
- for d in /usr /usr/local
+ for d in /usr /usr/local /opt/local
do
if test -f $d/include/GeoIP.h
then
if test "$use_geoip" = "yes"
then
- for d in /usr /usr/local
+ for d in /usr /usr/local /opt/local
do
if test -f $d/include/GeoIP.h
then
#ifdef HAVE_GEOIP
case dns_aclelementtype_geoip:
+ if (env == NULL || env->geoip == NULL)
+ return (ISC_FALSE);
return (dns_geoip_match(reqaddr, env->geoip, &e->geoip_elem));
#endif
default:
if (prev_state != NULL &&
prev_state->subtype == subtype &&
+ prev_state->family == family &&
((prev_state->family == AF_INET && prev_state->ipnum == ipnum) ||
- (prev_state->family == AF_INET6 &&
+ (prev_state->family == AF_INET6 && ipnum6 != NULL &&
memcmp(prev_state->ipnum6.s6_addr, ipnum6->s6_addr, 16) == 0)))
text = prev_state->text;
* and 'matchelt' is non-NULL, *matchelt will be pointed to the matching
* element.
*
+ * 'env' points to the current ACL environment, including the
+ * current values of localhost and localnets and (if applicable)
+ * the GeoIP context.
+ *
* Returns:
*\li #ISC_R_SUCCESS Always succeeds.
*/
projects / thirdparty / bind9.git / commitdiff
