Add an option to use the DNS accept filter if available.

PR:		241613
Submitted by:	eugen

dns/bind911/Makefile

@@ -55,7 +55,7 @@ PORTDOCS=	*
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON \
 			DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN \
 			FILTER_AAAA DNSTAP
-OPTIONS_DEFINE=		IDN LARGE_FILE JSON GEOIP \
+OPTIONS_DEFINE=		ACCFDNS IDN LARGE_FILE JSON GEOIP \
 			FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \
 			RPZ_NSIP RPZ_NSDNAME DOCS \
 			MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \
@@ -72,6 +72,7 @@ OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
+ACCFDNS_DESC=		Prefer DNS accept filter over generic one
 CRYPTO_DESC=		Choose which crypto engine to use
 DLZ_BDB_DESC=		DLZ BDB driver
 DLZ_DESC=		Dynamically Loadable Zones
@@ -101,6 +102,8 @@ START_LATE_DESC=	Start BIND late in the boot process (see help)
 TCP_FASTOPEN_DESC=	RFC 7413 support
 TUNING_LARGE_DESC=	Tune named for large systems (**READ HELP**)
 
+ACCFDNS_EXTRA_PATCHES=	${PATCHDIR}/extrapatch-interfacemgr.c
+	
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 

dns/bind911/files/extrapatch-interfacemgr.c

@@ -0,0 +1,14 @@
+Use accf_dns's kernel module if available.
+
+--- bin/named/interfacemgr.c.orig	2020-08-06 10:05:20 UTC
++++ bin/named/interfacemgr.c
+@@ -521,7 +521,8 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
+ 	 * If/when there a multiple filters listen to the
+ 	 * result.
+ 	 */
+-	(void)isc_socket_filter(ifp->tcpsocket, "dataready");
++	if (isc_socket_filter(ifp->tcpsocket, "dnsready") != ISC_R_SUCCESS)
++		(void)isc_socket_filter(ifp->tcpsocket, "dataready");
+ 
+ 	result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
+ 	if (result != ISC_R_SUCCESS) {