From a8a9f25549ec8521b10f1dc11794a307d87c1d95 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas <zobel@debian.org>
Date: Mon, 22 Jun 2009 11:05:33 -0600
Subject: GEO-IP Patch from
 git://git.kernel.org/pub/scm/network/bind/bind-geodns.git

Addresses-Debian-Bug: 395191
Signed-off-by: LaMont Jones <lamont@debian.org>

Conflicts:
	aclocal.m4
	config.guess
	config.h.in
	configure
	lib/dns/Makefile.in
	ltmain.sh
---
 config.h.in | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'config.h.in')

diff --git a/config.h.in b/config.h.in
index a6ddcb1e..2c180556 100644
--- a/config.h.in
+++ b/config.h.in
@@ -193,6 +193,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the `dlclose' function. */
 #undef HAVE_DLCLOSE
 
+/* Defined if GeoIP supports IPv6 lookups */
+#undef GEOIP_V6
+
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
@@ -421,6 +424,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
+/* Define if you want GeoIP support. */
+#undef SUPPORT_GEOIP
+
 /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
 #undef TIME_WITH_SYS_TIME
 
-- 
cgit v1.2.3


From df44a1cd0ed8e1e8cfaec8bea09eaf9e07812b89 Mon Sep 17 00:00:00 2001
From: Stephen Gran <sgran@debian.org>
Date: Wed, 30 Jun 2010 07:40:05 -0600
Subject: updated geoip patch for ipv6, based on work by John 'Warthog9' Hawley
 <warthog9@eaglescrag.net>

Addresses-Debian-Bug: 584603
Signed-off-by: LaMont Jones <lamont@debian.org>
---
 config.h.in   |  6 +++---
 lib/dns/acl.c | 68 +++++++++++++++++++++++++++++++++++++++++++----------------
 2 files changed, 53 insertions(+), 21 deletions(-)

(limited to 'config.h.in')

diff --git a/config.h.in b/config.h.in
index 2c180556..7953ea7a 100644
--- a/config.h.in
+++ b/config.h.in
@@ -184,6 +184,9 @@ int sigwait(const unsigned int *set, int *sig);
    MSVC and with C++ compilers. */
 #undef FLEXIBLE_ARRAY_MEMBER
 
+/* Defined if GeoIP supports IPv6 lookups */
+#undef GEOIP_V6
+
 /* Define to 1 if you have the `chroot' function. */
 #undef HAVE_CHROOT
 
@@ -193,9 +196,6 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the `dlclose' function. */
 #undef HAVE_DLCLOSE
 
-/* Defined if GeoIP supports IPv6 lookups */
-#undef GEOIP_V6
-
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index aefba77e..aa3b7c6b 100644
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -29,14 +29,11 @@
 #include <isc/once.h>
 #include <isc/string.h>
 #include <isc/util.h>
+#include <dns/log.h>
 
 #include <dns/acl.h>
 #include <dns/iptable.h>
 
-#ifdef SUPPORT_GEOIP
-static GeoIP *geoip = NULL;
-#endif
-
 /*
  * Create a new ACL, including an IP table and an array with room
  * for 'n' ACL elements.  The elements are uninitialized and the
@@ -394,30 +391,65 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr,
 	int indirectmatch;
 	isc_result_t result;
 
+	#ifdef SUPPORT_GEOIP
+	static GeoIP *geoip = NULL;
+	static isc_boolean_t geoip_init_tried = ISC_FALSE;
+	#ifdef GEOIP_V6
+	static GeoIP *geoip6 = NULL;
+	static isc_boolean_t geoip6_init_tried = ISC_FALSE;
+	#endif
+	#endif
+
 	switch (e->type) {
 #ifdef SUPPORT_GEOIP
 	case dns_aclelementtype_ipcountry:
 		/* Country match */
-		if (NULL == geoip) {
-			geoip = GeoIP_new(GEOIP_MEMORY_CACHE);
+		if (NULL == geoip && !geoip_init_tried) {
+			geoip_init_tried = ISC_TRUE;
+			if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION)) {
+				geoip = GeoIP_open_type(GEOIP_COUNTRY_EDITION, GEOIP_MEMORY_CACHE);
+				if (NULL == geoip)
+					isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+						      DNS_LOGMODULE_ACL, ISC_LOG_NOTICE,
+						      "Failed to open geoip database for ipv4");
+			} else {
+				isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+					      DNS_LOGMODULE_ACL, ISC_LOG_NOTICE,
+					      "geoip database for ipv4 is not available");
+			}
+		}
+#ifdef GEOIP_V6
+		if (NULL == geoip6 && !geoip6_init_tried) {
+			geoip6_init_tried = ISC_TRUE;
+			if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION_V6)) {
+				geoip6 = GeoIP_open_type(GEOIP_COUNTRY_EDITION_V6, GEOIP_MEMORY_CACHE);
+				if (NULL == geoip6)
+					isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+						      DNS_LOGMODULE_ACL, ISC_LOG_NOTICE,
+						      "Failed to open geoip database for ipv6");
+			} else {
+				isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+					      DNS_LOGMODULE_ACL, ISC_LOG_NOTICE,
+					      "geoip database for ipv6 is not available");
+			}
 		}
-		if (NULL != geoip) {
-			const char *value = NULL;
+#endif
 
-			if (reqaddr->family == AF_INET) {
-				value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in));
+                const char *value = NULL;
+
+		if (reqaddr->family == AF_INET && geoip) {
+			value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in));
 #ifdef GEOIP_V6
-			} else if (reqaddr->family == AF_INET6) {
-				value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)reqaddr->type.in6);
+		} else if (reqaddr->family == AF_INET6 && geoip6) {
+			value = GeoIP_country_code_by_ipnum_v6(geoip6, (geoipv6_t)reqaddr->type.in6);
 #endif
-			}
+		}
                 
-			if ((NULL != value) && (2 == strlen(value))) {
-				if ((e->country[0] == value[0]) && (e->country[1] == value[1])) {
-					return (ISC_TRUE);
-				}
+		if ((NULL != value) && (2 == strlen(value))) {
+			if ((e->country[0] == value[0]) && (e->country[1] == value[1])) {
+				return (ISC_TRUE);
 			}
-                }
+		}
 		return (ISC_FALSE);
 #endif
 
-- 
cgit v1.2.3