svn commit: r546284 - in head/dns/bind911: . files

Mathieu Arnold mat at FreeBSD.org
Wed Aug 26 13:32:36 UTC 2020 

Author: mat
Date: Wed Aug 26 13:32:32 2020
New Revision: 546284
URL: https://svnweb.freebsd.org/changeset/ports/546284

Log:
  Add an option to use the DNS accept filter if available.
  
  PR:		241613
  Submitted by:	eugen

Added:
  head/dns/bind911/files/extrapatch-interfacemgr.c   (contents, props changed)
Modified:
  head/dns/bind911/Makefile   (contents, props changed)

Modified: head/dns/bind911/Makefile
==============================================================================
--- head/dns/bind911/Makefile	Wed Aug 26 13:32:28 2020	(r546283)
+++ head/dns/bind911/Makefile	Wed Aug 26 13:32:32 2020	(r546284)
@@ -55,7 +55,7 @@ PORTDOCS=	*
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON \
 			DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN \
 			FILTER_AAAA DNSTAP
-OPTIONS_DEFINE=		IDN LARGE_FILE JSON GEOIP \
+OPTIONS_DEFINE=		ACCFDNS IDN LARGE_FILE JSON GEOIP \
 			FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \
 			RPZ_NSIP RPZ_NSDNAME DOCS \
 			MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \
@@ -72,6 +72,7 @@ OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSA
 
 OPTIONS_SUB=	yes
 
+ACCFDNS_DESC=		Prefer DNS accept filter over generic one
 CRYPTO_DESC=		Choose which crypto engine to use
 DLZ_BDB_DESC=		DLZ BDB driver
 DLZ_DESC=		Dynamically Loadable Zones
@@ -101,6 +102,8 @@ START_LATE_DESC=	Start BIND late in the boot process (
 TCP_FASTOPEN_DESC=	RFC 7413 support
 TUNING_LARGE_DESC=	Tune named for large systems (**READ HELP**)
 
+ACCFDNS_EXTRA_PATCHES=	${PATCHDIR}/extrapatch-interfacemgr.c
+	
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 

Added: head/dns/bind911/files/extrapatch-interfacemgr.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/bind911/files/extrapatch-interfacemgr.c	Wed Aug 26 13:32:32 2020	(r546284)
@@ -0,0 +1,14 @@
+Use accf_dns's kernel module if available.
+
+--- bin/named/interfacemgr.c.orig	2020-08-06 10:05:20 UTC
++++ bin/named/interfacemgr.c
+@@ -521,7 +521,8 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
+ 	 * If/when there a multiple filters listen to the
+ 	 * result.
+ 	 */
+-	(void)isc_socket_filter(ifp->tcpsocket, "dataready");
++	if (isc_socket_filter(ifp->tcpsocket, "dnsready") != ISC_R_SUCCESS)
++		(void)isc_socket_filter(ifp->tcpsocket, "dataready");
+ 
+ 	result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
+ 	if (result != ISC_R_SUCCESS) {

More information about the svn-ports-all mailing list