Package: bind9
Version: 1:9.7.0.dfsg.P1-1
Severity: normal
Tags: patch

Hi,
It looks like you've merged the geoip patch into bind9, which is fantastic. Sadly, I've noticed that I probably sent you an incomplete version, which doesn't handle v6 correctly. I found during debugging that you need a separate geoip context per database, so we need to create a second geoip context and do the v6 lookups against that. Patch attached.

This bug is being written on a machine with bind9 installed from lenny, but please ignore the version numbers below - they are irrelevant to the bug report. The relevant version is above.

Cheers,

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf-8, LC_CTYPE=en_US.utf-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages bind9 depends on:
ii  adduser          3.110                      add and remove users and groups
ii  bind9utils       1:9.5.1.dfsg.P3-1+lenny1   Utilities for BIND
ii  debconf [debcon  1.5.24                     Debian configuration management sy
ii  libbind9-40      1:9.5.1.dfsg.P3-1+lenny1   BIND9 Shared Library used by BIND
ii  libc6            2.7-18lenny2               GNU C Library: Shared libraries
ii  libcap2          2.11-2                     support for getting/setting POSIX.
ii  libdb4.6         4.6.21-11                  Berkeley v4.6 Database Libraries [
ii  libdns45         1:9.5.1.dfsg.P3-1+lenny1   DNS Shared Library used by BIND
ii  libisc45         1:9.5.1.dfsg.P3-1+lenny1   ISC Shared Library used by BIND
ii  libisccc40       1:9.5.1.dfsg.P3-1+lenny1   Command Channel Library used by BI
ii  libisccfg40      1:9.5.1.dfsg.P3-1+lenny1   Config File Handling Library used
ii  libkrb53         1.6.dfsg.4~beta1-5lenny4   MIT Kerberos runtime libraries
ii  libldap-2.4-2    2.4.11-1+lenny1            OpenLDAP libraries
ii  liblwres40       1:9.5.1.dfsg.P3-1+lenny1   Lightweight Resolver Library used
ii  libssl0.9.8      0.9.8g-15+lenny6           SSL shared libraries
ii  libxml2          2.6.32.dfsg-5+lenny1       GNOME XML library
ii  lsb-base         3.2-20                     Linux Standard Base 3.2 init scrip
ii  net-tools        1.60-22                    The NET-3 networking toolkit
ii  netbase          4.34                       Basic TCP/IP networking system

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind9-doc        <none>                     (no description available)
ii  dnsutils         1:9.5.1.dfsg.P3-1+lenny1   Clients provided with BIND
pn  resolvconf       <none>                     (no description available)
pn  ufw              <none>                     (no description available)

-- debconf information:
* bind9/different-configuration-file:
* bind9/run-resolvconf: true
* bind9/start-as-user: bind

--
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sg...@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
--- lib/dns/acl.c.old 2010-06-05 00:41:38.000000000 +0100 +++ lib/dns/acl.c 2010-06-05 00:48:43.000000000 +0100 @@ -35,6 +35,9 @@ #ifdef SUPPORT_GEOIP static GeoIP *geoip = NULL; +#ifdef GEOIP_V6 +static GeoIP *geoip6 = NULL; +#endif #endif /* @@ -396,25 +399,31 @@ case dns_aclelementtype_ipcountry: /* Country match */ if (NULL == geoip) { - geoip = GeoIP_new(GEOIP_MEMORY_CACHE); + if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION)) + geoip = GeoIP_open_type(GEOIP_COUNTRY_EDITION, GEOIP_MEMORY_CACHE); } - if (NULL != geoip) { - const char *value = NULL; +#ifdef GEOIP_V6 + if (NULL == geoip6) { + if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION_V6)) + geoip = GeoIP_open_type(GEOIP_COUNTRY_EDITION_V6, GEOIP_MEMORY_CACHE); + } +#endif - if (reqaddr->family == AF_INET) { - value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in)); + const char *value = NULL; + + if (reqaddr->family == AF_INET) { + value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in)); #ifdef GEOIP_V6 - } else if (reqaddr->family == AF_INET6) { - value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)reqaddr->type.in6); + } else if (reqaddr->family == AF_INET6) { + value = GeoIP_country_name_by_ipnum_v6(geoip6, (geoipv6_t)reqaddr->type.in6); #endif - } + } - if ((NULL != value) && (2 == strlen(value))) { - if ((e->country[0] == value[0]) && (e->country[1] == value[1])) { - return (ISC_TRUE); - } + if ((NULL != value) && (2 == strlen(value))) { + if ((e->country[0] == value[0]) && (e->country[1] == value[1])) { + return (ISC_TRUE); } - } + } return (ISC_FALSE); #endif
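Review bot: In the second hunk, the new `#ifdef GEOIP_V6` block tests `NULL == geoip6` but assigns the opened database to `geoip`, so `geoip6` is never set, the IPv4 handle is overwritten with the v6 country database each time this case runs, and the previously opened handle is leaked; the assignment should read `geoip6 = GeoIP_open_type(GEOIP_COUNTRY_EDITION_V6, GEOIP_MEMORY_CACHE);`. The same hunk drops the old `if (NULL != geoip)` guard, so when `GeoIP_db_avail()` reports no database the lookup functions are called with a NULL handle; check `geoip` in the `AF_INET` branch and `geoip6` in the `AF_INET6` branch before each lookup, since this code runs during ACL matching on request addresses. The v6 branch also calls `GeoIP_country_name_by_ipnum_v6`, whose result is then tested with `2 == strlen(value)`, so a country name will not match the two-letter `e->country`; `GeoIP_country_code_by_ipnum_v6` looks like the intended call.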