diff -Nru bind9-9.5.1.dfsg.P1/config.h.in bind9-9.5.1.dfsg.P1/config.h.in --- bind9-9.5.1.dfsg.P1/config.h.in 2009-05-26 21:11:35.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/config.h.in 2009-05-26 21:11:36.000000000 +0000 @@ -163,6 +163,9 @@ /* Solaris hack to get select_large_fdset. */ #undef FD_SETSIZE +/* Defined if GeoIP supports IPv6 lookups */ +#undef GEOIP_V6 + /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H @@ -303,6 +306,9 @@ /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS +/* Define if you want GeoIP support. */ +#undef SUPPORT_GEOIP + /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME diff -Nru bind9-9.5.1.dfsg.P1/configure bind9-9.5.1.dfsg.P1/configure --- bind9-9.5.1.dfsg.P1/configure 2009-05-26 21:11:35.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/configure 2009-05-26 21:11:36.000000000 +0000 @@ -877,6 +877,7 @@ ISC_PLATFORM_HAVEDEVPOLL ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH +GEOIP_LIBS USE_OPENSSL DST_OPENSSL_INC ISC_PLATFORM_HAVEGSSAPI @@ -1655,6 +1656,7 @@ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-openssl=PATH Build with OpenSSL yes|no|path. (Required for DNSSEC) + --with-geoip=PATH Specify path for system-supplied GeoIP --with-gssapi=PATH Specify path for system-supplied GSSAPI --with-randomdev=PATH Specify path for random device --with-ptl2 on NetBSD, use the ptl2 thread library (experimental) @@ -6351,6 +6353,330 @@ esac # +# Check for GeoIP - if yes enable it +# + +{ echo "$as_me:$LINENO: checking for GeoIP library" >&5 +echo $ECHO_N "checking for GeoIP library... $ECHO_C" >&6; } + +# Check whether --with-geoip was given. +if test "${with_geoip+set}" = set; then + withval=$with_geoip; use_geoip="$withval" +else + use_geoip="no" +fi + + +#geoipdirs="/usr/local /usr/pkg /usr/kerberos /usr" +# +#if test "$use_geoip" = "yes" +#then +# for d in $geoipdirs +# do +# if test -f $d/include/include/GeoIP.h -o -f $d/include/GeoIP.h +# then +# use_geoip=$d +# break +# fi +# done +#fi + + +cat >>confdefs.h <<\_ACEOF +#define GEOIP_V6 1 +_ACEOF + +case "$use_geoip" in + no) + { echo "$as_me:$LINENO: result: disabled" >&5 +echo "${ECHO_T}disabled" >&6; } + USE_GEOIP='' + ;; +# yes) +# AC_MSG_ERROR([--with-geoip must specify a path]) +# ;; + *) + if test "${ac_cv_header_GeoIP_h+set}" = set; then + { echo "$as_me:$LINENO: checking for GeoIP.h" >&5 +echo $ECHO_N "checking for GeoIP.h... $ECHO_C" >&6; } +if test "${ac_cv_header_GeoIP_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_GeoIP_h" >&5 +echo "${ECHO_T}$ac_cv_header_GeoIP_h" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking GeoIP.h usability" >&5 +echo $ECHO_N "checking GeoIP.h usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking GeoIP.h presence" >&5 +echo $ECHO_N "checking GeoIP.h presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: GeoIP.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: GeoIP.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: GeoIP.h: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: GeoIP.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: GeoIP.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: GeoIP.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: GeoIP.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: GeoIP.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: GeoIP.h: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: GeoIP.h: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: GeoIP.h: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: GeoIP.h: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: GeoIP.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: GeoIP.h: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: GeoIP.h: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: GeoIP.h: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for GeoIP.h" >&5 +echo $ECHO_N "checking for GeoIP.h... $ECHO_C" >&6; } +if test "${ac_cv_header_GeoIP_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_header_GeoIP_h=$ac_header_preproc +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_GeoIP_h" >&5 +echo "${ECHO_T}$ac_cv_header_GeoIP_h" >&6; } + +fi +if test $ac_cv_header_GeoIP_h = yes; then + : +else + { { echo "$as_me:$LINENO: error: GeoIP library header files not found" >&5 +echo "$as_me: error: GeoIP library header files not found" >&2;} + { (exit 1); exit 1; }; } + +fi + + + { echo "$as_me:$LINENO: checking for GeoIP_open in -lGeoIP" >&5 +echo $ECHO_N "checking for GeoIP_open in -lGeoIP... $ECHO_C" >&6; } +if test "${ac_cv_lib_GeoIP_GeoIP_open+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lGeoIP $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char GeoIP_open (); +int +main () +{ +return GeoIP_open (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_GeoIP_GeoIP_open=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_GeoIP_GeoIP_open=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_GeoIP_GeoIP_open" >&5 +echo "${ECHO_T}$ac_cv_lib_GeoIP_GeoIP_open" >&6; } +if test $ac_cv_lib_GeoIP_GeoIP_open = yes; then + + +cat >>confdefs.h <<\_ACEOF +#define SUPPORT_GEOIP 1 +_ACEOF + + +else + + { { echo "$as_me:$LINENO: error: GeoIP library header files were found but the library was not found" >&5 +echo "$as_me: error: GeoIP library header files were found but the library was not found" >&2;} + { (exit 1); exit 1; }; } + +fi + + GEOIP_LIBS="-lGeoIP" + { echo "$as_me:$LINENO: checking for for GeoIP IPv6 support" >&5 +echo $ECHO_N "checking for for GeoIP IPv6 support... $ECHO_C" >&6; } + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + + +extern const struct in6_addr in6addr_loopback; +static GeoIP *geoip = NULL; + +const char* value = value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)in6addr_loopback); + + + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + GEOIP_V6="#define GEOIP_V6 1" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + GEOIP_V6="#undef GEOIP_V6" +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +cat >>confdefs.h <<\_ACEOF +#define GEOIP_V6 1 +_ACEOF + + ;; +esac + + + +# # This would include the system openssl path (and linker options to use # it as needed) if it is found. # @@ -10005,7 +10331,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 10008 "configure"' > conftest.$ac_ext + echo '#line 10334 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -12475,11 +12801,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12478: $lt_compile\"" >&5) + (eval echo "\"\$as_me:12804: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12482: \$? = $ac_status" >&5 + echo "$as_me:12808: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -12765,11 +13091,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12768: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13094: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12772: \$? = $ac_status" >&5 + echo "$as_me:13098: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -12869,11 +13195,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12872: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13198: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:12876: \$? = $ac_status" >&5 + echo "$as_me:13202: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -15246,7 +15572,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:18076: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17754: \$? = $ac_status" >&5 + echo "$as_me:18080: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -17851,11 +18177,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17854: $lt_compile\"" >&5) + (eval echo "\"\$as_me:18180: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:17858: \$? = $ac_status" >&5 + echo "$as_me:18184: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -19449,11 +19775,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:19452: $lt_compile\"" >&5) + (eval echo "\"\$as_me:19778: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:19456: \$? = $ac_status" >&5 + echo "$as_me:19782: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -19553,11 +19879,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:19556: $lt_compile\"" >&5) + (eval echo "\"\$as_me:19882: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:19560: \$? = $ac_status" >&5 + echo "$as_me:19886: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -21773,11 +22099,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:21776: $lt_compile\"" >&5) + (eval echo "\"\$as_me:22102: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:21780: \$? = $ac_status" >&5 + echo "$as_me:22106: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -22063,11 +22389,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:22066: $lt_compile\"" >&5) + (eval echo "\"\$as_me:22392: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:22070: \$? = $ac_status" >&5 + echo "$as_me:22396: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -22167,11 +22493,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:22170: $lt_compile\"" >&5) + (eval echo "\"\$as_me:22496: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:22174: \$? = $ac_status" >&5 + echo "$as_me:22500: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -32651,6 +32977,7 @@ ISC_PLATFORM_HAVEDEVPOLL!$ISC_PLATFORM_HAVEDEVPOLL$ac_delim ISC_PLATFORM_NEEDSYSSELECTH!$ISC_PLATFORM_NEEDSYSSELECTH$ac_delim LWRES_PLATFORM_NEEDSYSSELECTH!$LWRES_PLATFORM_NEEDSYSSELECTH$ac_delim +GEOIP_LIBS!$GEOIP_LIBS$ac_delim USE_OPENSSL!$USE_OPENSSL$ac_delim DST_OPENSSL_INC!$DST_OPENSSL_INC$ac_delim ISC_PLATFORM_HAVEGSSAPI!$ISC_PLATFORM_HAVEGSSAPI$ac_delim @@ -32738,7 +33065,6 @@ LWRES_PLATFORM_NEEDSTRTOUL!$LWRES_PLATFORM_NEEDSTRTOUL$ac_delim GENRANDOMLIB!$GENRANDOMLIB$ac_delim ISC_PLATFORM_NEEDSTRLCPY!$ISC_PLATFORM_NEEDSTRLCPY$ac_delim -ISC_PLATFORM_NEEDSTRLCAT!$ISC_PLATFORM_NEEDSTRLCAT$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -32780,6 +33106,7 @@ ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF +ISC_PLATFORM_NEEDSTRLCAT!$ISC_PLATFORM_NEEDSTRLCAT$ac_delim ISC_PLATFORM_NEEDSPRINTF!$ISC_PLATFORM_NEEDSPRINTF$ac_delim LWRES_PLATFORM_NEEDSPRINTF!$LWRES_PLATFORM_NEEDSPRINTF$ac_delim ISC_PLATFORM_NEEDVSNPRINTF!$ISC_PLATFORM_NEEDVSNPRINTF$ac_delim @@ -32848,7 +33175,7 @@ LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 66; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 67; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff -Nru bind9-9.5.1.dfsg.P1/configure.in bind9-9.5.1.dfsg.P1/configure.in --- bind9-9.5.1.dfsg.P1/configure.in 2008-10-29 22:04:52.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/configure.in 2009-05-26 21:11:36.000000000 +0000 @@ -618,6 +618,74 @@ esac # +# Check for GeoIP - if yes enable it +# + +AC_MSG_CHECKING(for GeoIP library) +AC_ARG_WITH(geoip, +[ --with-geoip=PATH Specify path for system-supplied GeoIP], + use_geoip="$withval", use_geoip="no") + +#geoipdirs="/usr/local /usr/pkg /usr/kerberos /usr" +# +#if test "$use_geoip" = "yes" +#then +# for d in $geoipdirs +# do +# if test -f $d/include/include/GeoIP.h -o -f $d/include/GeoIP.h +# then +# use_geoip=$d +# break +# fi +# done +#fi + +AC_DEFINE([GEOIP_V6], [1], [Defined if GeoIP supports IPv6 lookups]) +case "$use_geoip" in + no) + AC_MSG_RESULT(disabled) + USE_GEOIP='' + ;; +# yes) +# AC_MSG_ERROR([--with-geoip must specify a path]) +# ;; + *) + AC_CHECK_HEADER(GeoIP.h,, + [AC_MSG_ERROR([GeoIP library header files not found])] + ) + AC_CHECK_LIB(GeoIP, GeoIP_open, + [ + AC_DEFINE(SUPPORT_GEOIP, 1, Define if you want GeoIP support.) + ], + [ + AC_MSG_ERROR([GeoIP library header files were found but the library was not found]) + ]) + GEOIP_LIBS="-lGeoIP" + AC_MSG_CHECKING(for for GeoIP IPv6 support) + AC_TRY_COMPILE([ +#include +#include +], +[ + +extern const struct in6_addr in6addr_loopback; +static GeoIP *geoip = NULL; + +const char* value = value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)in6addr_loopback); + +] +, + [AC_MSG_RESULT(yes) + GEOIP_V6="#define GEOIP_V6 1"], + [AC_MSG_RESULT(no) + GEOIP_V6="#undef GEOIP_V6"]) +AC_DEFINE(GEOIP_V6) + ;; +esac + +AC_SUBST(GEOIP_LIBS) + +# # This would include the system openssl path (and linker options to use # it as needed) if it is found. # diff -Nru bind9-9.5.1.dfsg.P1/debian/changelog bind9-9.5.1.dfsg.P1/debian/changelog --- bind9-9.5.1.dfsg.P1/debian/changelog 2009-05-26 21:11:35.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/debian/changelog 2009-05-26 21:11:36.000000000 +0000 @@ -1,3 +1,13 @@ +bind9 (10:9.5.1.dfsg.P1-2.1+dsa1) stable; urgency=low + + * DSA Upload for internal repository + * applied GEO-IP Patch on source from + git://git.kernel.org/pub/scm/network/bind/bind-geodns.git + * modified debian/rules + * modified debian/control, added build-depends + + -- Martin Zobel-Helas Mon, 25 May 2009 18:51:10 +0200 + bind9 (1:9.5.1.dfsg.P1-2) stable; urgency=low [Juhana Helovuo] diff -Nru bind9-9.5.1.dfsg.P1/debian/control bind9-9.5.1.dfsg.P1/debian/control --- bind9-9.5.1.dfsg.P1/debian/control 2009-05-26 21:11:35.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/debian/control 2009-05-26 21:11:36.000000000 +0000 @@ -3,7 +3,7 @@ Priority: optional Maintainer: LaMont Jones Uploaders: Bdale Garbee -Build-Depends: libkrb5-dev, debhelper (>= 5), libssl-dev, libtool, bison, libdb-dev, libldap2-dev, libxml2-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], hardening-wrapper +Build-Depends: libkrb5-dev, debhelper (>= 5), libssl-dev, libtool, bison, libdb-dev, libldap2-dev, libxml2-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], hardening-wrapper, libgeoip-dev (>= 1.4.6) Build-Conflicts: libdb4.2-dev Standards-Version: 3.7.2.0 XS-Vcs-Browser: http://git.debian.org/?p=users/lamont/bind9.git diff -Nru bind9-9.5.1.dfsg.P1/debian/rules bind9-9.5.1.dfsg.P1/debian/rules --- bind9-9.5.1.dfsg.P1/debian/rules 2009-05-26 21:11:35.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/debian/rules 2009-05-26 21:11:36.000000000 +0000 @@ -45,6 +45,7 @@ --with-dlz-filesystem=yes \ --with-dlz-ldap=yes \ --with-dlz-stub=yes \ + --with-geoip=/usr \ --enable-ipv6 touch configure-stamp diff -Nru bind9-9.5.1.dfsg.P1/lib/dns/acl.c bind9-9.5.1.dfsg.P1/lib/dns/acl.c --- bind9-9.5.1.dfsg.P1/lib/dns/acl.c 2008-09-26 23:46:32.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/lib/dns/acl.c 2009-05-26 21:11:36.000000000 +0000 @@ -21,6 +21,10 @@ #include +#ifdef SUPPORT_GEOIP +#include +#endif + #include #include #include @@ -29,6 +33,11 @@ #include #include +#ifdef SUPPORT_GEOIP +static GeoIP *geoip = NULL; +static GeoIP *geoip6 = NULL; +#endif + /* * Create a new ACL, including an IP table and an array with room * for 'n' ACL elements. The elements are uninitialized and the @@ -316,6 +325,13 @@ dest->elements[nelem + i].node_num = source->elements[i].node_num + dest->node_count; +#ifdef SUPPORT_GEOIP + /* Country */ + if (source->elements[i].type == dns_aclelementtype_ipcountry && + source->elements[i].country != NULL) { + strncpy(dest->elements[nelem + i].country, source->elements[i].country, 3); + } +#endif /* Duplicate nested acl. */ if (source->elements[i].type == dns_aclelementtype_nestedacl && source->elements[i].nestedacl != NULL) @@ -377,6 +393,40 @@ isc_result_t result; switch (e->type) { +#ifdef SUPPORT_GEOIP + case dns_aclelementtype_ipcountry: + /* Country match */ + if (NULL == geoip) { + if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION)) { + geoip = GeoIP_open_type(GEOIP_COUNTRY_EDITION, GEOIP_MEMORY_CACHE); + } + } +#ifdef GEOIP_V6 + if (NULL == geoip6) { + if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION_V6)) { + geoip6 = GeoIP_open_type(GEOIP_COUNTRY_EDITION_V6, GEOIP_MEMORY_CACHE); + } + } +#endif + + const char *value = NULL; + + if (NULL != geoip && reqaddr->family == AF_INET) { + value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in)); +#ifdef GEOIP_V6 + } else if (NULL != geoip6 && reqaddr->family == AF_INET6) { + value = GeoIP_country_code_by_ipnum_v6(geoip6, (geoipv6_t)reqaddr->type.in6); +#endif + } + + if ((NULL != value) && (2 == strlen(value))) { + if ((e->country[0] == value[0]) && (e->country[1] == value[1])) { + return (ISC_TRUE); + } + } + return (ISC_FALSE); +#endif + case dns_aclelementtype_keyname: if (reqsigner != NULL && dns_name_equal(reqsigner, &e->keyname)) { diff -Nru bind9-9.5.1.dfsg.P1/lib/dns/include/dns/acl.h bind9-9.5.1.dfsg.P1/lib/dns/include/dns/acl.h --- bind9-9.5.1.dfsg.P1/lib/dns/include/dns/acl.h 2007-12-21 06:46:47.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/lib/dns/include/dns/acl.h 2009-05-26 21:11:36.000000000 +0000 @@ -53,8 +53,16 @@ dns_aclelementtype_localhost, dns_aclelementtype_localnets, dns_aclelementtype_any +#ifdef SUPPORT_GEOIP + , + dns_aclelementtype_ipcountry +#endif } dns_aclelemettype_t; +#ifdef SUPPORT_GEOIP +typedef char dns_aclipcountry[3]; +#endif + typedef struct dns_aclipprefix dns_aclipprefix_t; struct dns_aclipprefix { @@ -68,6 +76,9 @@ dns_name_t keyname; dns_acl_t *nestedacl; int node_num; +#ifdef SUPPORT_GEOIP + dns_aclipcountry country; +#endif }; struct dns_acl { diff -Nru bind9-9.5.1.dfsg.P1/lib/dns/Makefile.in bind9-9.5.1.dfsg.P1/lib/dns/Makefile.in --- bind9-9.5.1.dfsg.P1/lib/dns/Makefile.in 2009-05-26 21:11:35.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/lib/dns/Makefile.in 2009-05-26 21:11:36.000000000 +0000 @@ -39,7 +39,7 @@ ISCDEPLIBS = ../../lib/isc/libisc.@A@ -LIBS = @LIBS@ -L../../lib/isc -lcrypto +LIBS = @LIBS@ -L../../lib/isc -lcrypto @GEOIP_LIBS@ # Alphabetically diff -Nru bind9-9.5.1.dfsg.P1/lib/isccfg/aclconf.c bind9-9.5.1.dfsg.P1/lib/isccfg/aclconf.c --- bind9-9.5.1.dfsg.P1/lib/isccfg/aclconf.c 2008-10-24 02:27:46.000000000 +0000 +++ bind9-9.5.1.dfsg.P1/lib/isccfg/aclconf.c 2009-05-26 21:11:36.000000000 +0000 @@ -191,6 +191,9 @@ } else if (cfg_obj_isstring(ce)) { const char *name = cfg_obj_asstring(ce); if (strcasecmp(name, "localhost") == 0 || +#ifdef SUPPORT_GEOIP + strncasecmp(name, "country_", 8) == 0 || +#endif strcasecmp(name, "localnets") == 0) { n++; } else if (strcasecmp(name, "any") != 0 && @@ -384,6 +387,14 @@ de->negative = !neg; } else continue; +#ifdef SUPPORT_GEOIP + } else if ((0 == (strncmp("country_", name, 8))) && (10 == strlen(name))) { + /* It is a country code */ + de->type = dns_aclelementtype_ipcountry; + de->country[0] = name[8]; + de->country[1] = name[9]; + de->country[2] = '\0'; +#endif } else if (strcasecmp(name, "localhost") == 0) { de->type = dns_aclelementtype_localhost; de->negative = neg;