remove the experimental authoritative ECS support from named
- mark the 'geoip-use-ecs' option obsolete; warn when it is used in named.conf - prohibit 'ecs' ACL tags in named.conf; note that this is a fatal error since simply ignoring the tags could make ACLs behave unpredictably - re-simplify the radix and iptable code - clean up dns_acl_match(), dns_aclelement_match(), dns_acl_allowed() and dns_geoip_match() so they no longer take ecs options - remove the ECS-specific unit and system test cases - remove references to ECS from the ARM
This commit is contained in:
Evan Hunt
@@ -9,7 +9,6 @@
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
|
||||
/*! \file */
|
||||
|
||||
#include <config.h>
|
||||
@@ -132,8 +131,8 @@ load_geoip(const char *dir) {
|
||||
}
|
||||
|
||||
static isc_boolean_t
|
||||
do_lookup_string(const char *addr, isc_uint8_t *scope,
|
||||
dns_geoip_subtype_t subtype, const char *string)
|
||||
do_lookup_string(const char *addr, dns_geoip_subtype_t subtype,
|
||||
const char *string)
|
||||
{
|
||||
dns_geoip_elem_t elt;
|
||||
struct in_addr in4;
|
||||
@@ -145,12 +144,12 @@ do_lookup_string(const char *addr, isc_uint8_t *scope,
|
||||
elt.subtype = subtype;
|
||||
strlcpy(elt.as_string, string, sizeof(elt.as_string));
|
||||
|
||||
return (dns_geoip_match(&na, scope, &geoip, &elt));
|
||||
return (dns_geoip_match(&na, &geoip, &elt));
|
||||
}
|
||||
|
||||
static isc_boolean_t
|
||||
do_lookup_string_v6(const char *addr, isc_uint8_t *scope,
|
||||
dns_geoip_subtype_t subtype, const char *string)
|
||||
do_lookup_string_v6(const char *addr, dns_geoip_subtype_t subtype,
|
||||
const char *string)
|
||||
{
|
||||
dns_geoip_elem_t elt;
|
||||
struct in6_addr in6;
|
||||
@@ -162,13 +161,11 @@ do_lookup_string_v6(const char *addr, isc_uint8_t *scope,
|
||||
elt.subtype = subtype;
|
||||
strlcpy(elt.as_string, string, sizeof(elt.as_string));
|
||||
|
||||
return (dns_geoip_match(&na, scope, &geoip, &elt));
|
||||
return (dns_geoip_match(&na, &geoip, &elt));
|
||||
}
|
||||
|
||||
static isc_boolean_t
|
||||
do_lookup_int(const char *addr, isc_uint8_t *scope,
|
||||
dns_geoip_subtype_t subtype, int id)
|
||||
{
|
||||
do_lookup_int(const char *addr, dns_geoip_subtype_t subtype, int id) {
|
||||
dns_geoip_elem_t elt;
|
||||
struct in_addr in4;
|
||||
isc_netaddr_t na;
|
||||
@@ -179,7 +176,7 @@ do_lookup_int(const char *addr, isc_uint8_t *scope,
|
||||
elt.subtype = subtype;
|
||||
elt.as_int = id;
|
||||
|
||||
return (dns_geoip_match(&na, scope, &geoip, &elt));
|
||||
return (dns_geoip_match(&na, &geoip, &elt));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -194,7 +191,6 @@ ATF_TC_HEAD(country, tc) {
|
||||
ATF_TC_BODY(country, tc) {
|
||||
isc_result_t result;
|
||||
isc_boolean_t match;
|
||||
isc_uint8_t scope;
|
||||
|
||||
UNUSED(tc);
|
||||
|
||||
@@ -209,30 +205,25 @@ ATF_TC_BODY(country, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string("10.53.0.1", &scope,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_country_code, "AU");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 32);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", &scope,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_country_code3, "AUS");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 32);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", &scope,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_country_name, "Australia");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 32);
|
||||
|
||||
match = do_lookup_string("192.0.2.128", &scope,
|
||||
match = do_lookup_string("192.0.2.128",
|
||||
dns_geoip_country_code, "O1");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 24);
|
||||
|
||||
match = do_lookup_string("192.0.2.128", &scope,
|
||||
match = do_lookup_string("192.0.2.128",
|
||||
dns_geoip_country_name, "Other");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 24);
|
||||
|
||||
dns_test_end();
|
||||
}
|
||||
@@ -245,7 +236,6 @@ ATF_TC_HEAD(country_v6, tc) {
|
||||
ATF_TC_BODY(country_v6, tc) {
|
||||
isc_result_t result;
|
||||
isc_boolean_t match;
|
||||
isc_uint8_t scope;
|
||||
|
||||
UNUSED(tc);
|
||||
|
||||
@@ -260,20 +250,17 @@ ATF_TC_BODY(country_v6, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", &scope,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_country_code, "AU");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 128);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", &scope,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_country_code3, "AUS");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 128);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", &scope,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_country_name, "Australia");
|
||||
ATF_CHECK(match);
|
||||
ATF_CHECK_EQ(scope, 128);
|
||||
|
||||
dns_test_end();
|
||||
}
|
||||
@@ -300,42 +287,42 @@ ATF_TC_BODY(city, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_continentcode, "NA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_countrycode, "US");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_countrycode3, "USA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_countryname, "United States");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_region, "CA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_regionname, "California");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_name, "Redwood City");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_city_postalcode, "94063");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_int("10.53.0.1", NULL, dns_geoip_city_areacode, 650);
|
||||
match = do_lookup_int("10.53.0.1", dns_geoip_city_areacode, 650);
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_int("10.53.0.1", NULL, dns_geoip_city_metrocode, 807);
|
||||
match = do_lookup_int("10.53.0.1", dns_geoip_city_metrocode, 807);
|
||||
ATF_CHECK(match);
|
||||
|
||||
dns_test_end();
|
||||
@@ -363,36 +350,36 @@ ATF_TC_BODY(city_v6, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_continentcode, "NA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_countrycode, "US");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_countrycode3, "USA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_countryname,
|
||||
"United States");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_region, "CA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_regionname, "California");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_name, "Redwood City");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", NULL,
|
||||
match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
|
||||
dns_geoip_city_postalcode, "94063");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -422,15 +409,15 @@ ATF_TC_BODY(region, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_region_code, "CA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_region_name, "California");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL,
|
||||
match = do_lookup_string("10.53.0.1",
|
||||
dns_geoip_region_countrycode, "US");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -464,30 +451,30 @@ ATF_TC_BODY(best, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countrycode, "US");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countrycode3, "USA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countryname, "United States");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_regionname, "Virginia");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_region, "VA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
GeoIP_delete(geoip.city_v4);
|
||||
geoip.city_v4 = NULL;
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countrycode, "AU");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -495,26 +482,26 @@ ATF_TC_BODY(best, tc) {
|
||||
* Note, region doesn't support code3 or countryname, so
|
||||
* the next two would be answered from the country database instead
|
||||
*/
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countrycode3, "CAN");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countryname, "Canada");
|
||||
ATF_CHECK(match);
|
||||
|
||||
GeoIP_delete(geoip.region);
|
||||
geoip.region = NULL;
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countrycode, "CA");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countrycode3, "CAN");
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_countryname, "Canada");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -545,7 +532,7 @@ ATF_TC_BODY(asnum, tc) {
|
||||
}
|
||||
|
||||
|
||||
match = do_lookup_string("10.53.0.3", NULL, dns_geoip_as_asnum,
|
||||
match = do_lookup_string("10.53.0.3", dns_geoip_as_asnum,
|
||||
"AS100003 Three Network Labs");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -574,7 +561,7 @@ ATF_TC_BODY(isp, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string("10.53.0.1", NULL, dns_geoip_isp_name,
|
||||
match = do_lookup_string("10.53.0.1", dns_geoip_isp_name,
|
||||
"One Systems, Inc.");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -603,7 +590,7 @@ ATF_TC_BODY(org, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string("10.53.0.2", NULL, dns_geoip_org_name,
|
||||
match = do_lookup_string("10.53.0.2", dns_geoip_org_name,
|
||||
"Two Technology Ltd.");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -632,7 +619,7 @@ ATF_TC_BODY(domain, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_string("10.53.0.4", NULL,
|
||||
match = do_lookup_string("10.53.0.4",
|
||||
dns_geoip_domain_name, "four.com");
|
||||
ATF_CHECK(match);
|
||||
|
||||
@@ -661,16 +648,16 @@ ATF_TC_BODY(netspeed, tc) {
|
||||
atf_tc_skip("Database not available");
|
||||
}
|
||||
|
||||
match = do_lookup_int("10.53.0.1", NULL, dns_geoip_netspeed_id, 0);
|
||||
match = do_lookup_int("10.53.0.1", dns_geoip_netspeed_id, 0);
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_int("10.53.0.2", NULL, dns_geoip_netspeed_id, 1);
|
||||
match = do_lookup_int("10.53.0.2", dns_geoip_netspeed_id, 1);
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_int("10.53.0.3", NULL, dns_geoip_netspeed_id, 2);
|
||||
match = do_lookup_int("10.53.0.3", dns_geoip_netspeed_id, 2);
|
||||
ATF_CHECK(match);
|
||||
|
||||
match = do_lookup_int("10.53.0.4", NULL, dns_geoip_netspeed_id, 3);
|
||||
match = do_lookup_int("10.53.0.4", dns_geoip_netspeed_id, 3);
|
||||
ATF_CHECK(match);
|
||||
|
||||
dns_test_end();
|
||||
|
||||
Reference in New Issue
Block a user