O.k., I've cleaned it up a lot, and it's now in a happy enough
state for my own use anyway 
It's attached in tar.gz format,
I've also attached a very small patch for NSD which allows
register_data in plugin.c to register data throughout a zone
recursively.
In order to cope with this change, a lot of new logic has been
added to aclc, but the outward changes are minimal.
Changes:
Added NSD.patch and a README for building/using the plugin
Aclc now gives each specified zonename it's own chain of rules,
which includes and rules from parent zones. Aclc also orders
the db so that recursive adding doesnt erase any rules we need.
The README contains better guide to the semantics.
aclc -p now outputs rule numbers for each rule
acl-plugin.so can now be loaded as follows:
-Xacl-plugin.so=/path/to/acl.db[,loglevel]
loglevel can be 1, or 2;
1: log all queries rejected, including the rule number
2: log all queries matched, including the rule number
aclc_lexer.l and aclc_parser.y have been moved into a lexer/
sub-directory, because gmake was trying to be clever and
invoking lex when it wasnt needed.
(attachments)
nsd_acl_plugin.tar.gz (66 KB)
NSD.patch (1.47 KB)